Hotel card keys...

How do those hotel card keys work? I know that they get “programmed” for your door at the front desk, but how? The door’s lock doesn’t seem to be hooked up to a network of any sort. Does each door have one “combination” and the card you are given is coded to unlock it and then set to expire at the end of your stay? The doors have a red and green light that indicate if the card key worked, are these lights battery powered? I was looking closely at one yesterday and could not find anyway to get into the thing… No screws, no removable face plates, nothing… How would they change the battery? Do the maids get a card key that grants access to all the rooms… I am trying to find a way to keep my mind engaged while on business travel… Excuse the insipidness… ducks

Not only is the glass half empty, I think someone’s spit in it…

You were right. The doors are connected to a network, and has its own individual pass code, such as 1-2-3-4. When you check in, the 1-2-3-4 is scanned onto your card, and a time limit is put on the card. If you stay for one night, the card expires at noon the next day. The code itself doesn’t change.

The locks are powered by battery, and are removed by a special tool.

Smaller hotels have the “skeleton” key used by the maids, but larger hotels keep the master keys for the maids restriced to zones.

Hmm… something sounds fishy about that explanation. The doors are connected to a network? I don’t think so.

The cards “expire” at noon the next day? How do they know what time it is? How do they know you didn’t decide to stay another night?

No, they change the digital locks on those doors every time someone checks out. That’s the only reason they went to more expensive digital hardware, so someone doesn’t keep (or copy) the key.

I don’t know how it’s done, but that ain’t it.

Maybe I can be some help here. I used to do building security work for a local corporation, which used card reader door locks.

First, the card is not reprogrammed every time it is checked out. It is programmed once when it is initially activated. Each card has a digitally encoded number on its magnetic strip. The first few digits are an authorization code, telling the card reader (and its controlling computer) that “this is one of Des Moines Ramada Inn (or whatever) cards”. The rest of the digits encode the card number. Once encoded, it does not change.

The card readers themselve are hooked up to a central computer (or have an internal computer that gets updates from a central computer). When the card is assigned to someone the change is made on the computer. (Card # 12345 is assigned to room 508.) When the card is returned, this assignment is deleted. Likewise if the card gets lost. The company keeps track of what numbers are used, and does not reuse nubmers. If you find a card in a dumpster somewhere, you might as well put it back. It will not be assigned to anything ever again. Since a card’s room assignment will almost certainly change, a copy of the card will probably not work on the door that it used to.

Furthermore, the computer tracks card use. It lets the operator know what cards are being used where. If you take your copy and start trying it on doors, the operator will be sicking security on you in a heartbeat. Particularly so, if the card happens to be one that is at the front desk waiting to be assigned.

Does that help?

Carpe hoc!

Another Y2K problem?

Why wouldn’t you think they would be connected to a network? Because you saw no wires? Networks can be radio or I/R, too.

If I had to design a lock with no network, I would let it have an key #, a clock, and codes dependent on those parameters. Days reserved would be encoded on the card. Downside: if you wanted to cancel a card (lost card, etc.) you would have to physically reprogram the door with a new key #. If you wanted to extend a stay, you would have to rewrite the card.

(The battery powered is correct – my door kept working despite a power outage)

Okay, update on jens’ statements.

There is battery power on cardreader door locks, but it only functions as a backup. Normally, they are powered by existing electrical circuits.

At work, most of the cardreaders were hooked up by direct lines that ran through conduits. Think that sounds like a lot of work? Your right, it is. But the ease of reprogramming them, rather than replacing a door lock, justifies it. Sometimes cardreaders (especially those with an internal or some other remote controlling panel) are hooked up to the computer by phone lines. We were in eastern KY, and were controlling door locks all the way out to Houston, TX.

Carpe hoc!

I am having a problem with the whole idea of a network still… I just got back from a trip to Wichita so I had a lot of time on my hands. The door did not outwardly appear to be wired so it would have to have been some sort of radio/ir thingamajigger… Seems like a lot of work.

I do agree that the cards are programed to expire. I arranged for a late check out and, when I returned from lunch, my key no longer worked. The woman at the front desk said that if must have gotten scratched but I think it was a victim of planned obsolescence…

Not only is the glass half empty, I think someone’s spit in it…

OK. The wires won’t appear outwardly. They run out of the back of the cardreader and directly into the wall. You’d have to tear the cardreader off the wall to see them. Radio or IR are also possibilities, but somewhat unlikely. Network hookups are cheaper and more secure.

As for the cards expiring, when the card is programmed access to a certain room, the amount of time the card will work on the room is also programmed. (If this sounds complicated, keep in mind that this can be done as a sort of “macro” and would only require a few keystrokes to program.)

BTW, when I left the company (read “downsized”) they were experimenting with a new system that wouldn’t need any action by the card holder. The card had a microchip in it that would be powered by an electric field given off by the (concealed) cardreader. In response the chip would broadcast its number to the cardreader and the door would unlock if it was authorized. You never even have to take it out of your wallet. They hadn’t implemented it yet at work, but I doubt that it will be much longer before you start seeing these.

Carpe hoc!

Technically, in hotels, the cardreader are located ON THE DOORS as the doorknob/lock, not the walls.

You might be confusing the hotel keys for high security setups.

MrKnowItAll: Duck means the card readers ON the doors at hotels.

Duck: Have you thought of checking the door’s hinges? Wiring can be inside the door, and through those hinges to the network. Even if Nick doesn’t think so.

Good grief, MrKnowItAll, when did you leave that company? I used to work for a data collection/security company & those have been around for at least ten years. They are called proximity (prox) cards & the main problem with them is that they are expensive - twelve dollars apiece last I heard but it should have gone down by now. Prox badges are so nice.

Ok. The guy at the Drake who answered the phone was happy to explain it, (lol, some security system) and he agrees with Lissa.

I think he’s wrong, too, but I’ll get to that later.

He says:

  1. The card reader on the door is hooked to a network (lan,wan,whatever)(he thinks hardwired).
  2. The card is encoded with a “time limit.”
  3. The card “knows” when to “stop working.”
  4. If the card is lost or stolen, the chances of the finder/thief finding the correct room are “slim to none.”

I have several problems with this.

  1. If it’s the card that remembers the “time limit” and deactivates itself, why have the card reader hooked up to anything? Why all the expensive LAN hardware when the card reader is nothing but a dumb digital door lock? So they can keep track of how many times you go in and out?

2.& 3. I think it’s the card reader and the computer behind it that stops unlocking the door when the time limit is reached. And I think that computer changes the lock code so that the card (or a new card) must be activated with the new code before that door will open again.

  1. The chances of a thief finding the room that card opens are not “slim to none,” they are “very good” considering the guy followed you to your room before you discovered your key missing. Now, if the card the thief has remains valid for say, 10 hours, and the hotel can’t deactivate the card or change the lock, then that thief has 10 hours to plunder your room. That does not make sense to me.

I say the brains of the operation is the card reader/computer/card encoder combination, and it sets the time limit, changes the lock codes and encodes/activates a card all in one operation. The card carries nothing but a magnetic swipe strip.

The very first time I encountered these cards, I was told they “changed the lock codes” every time a room changed hands. That made sense then and it makes sense now. Lose your key and they can change the lock in a matter of seconds.

Sorry, I forgot about the cardreaders being on the doors themselves. We had them mounted on the wall next to the door. I don’t know how (or if) door mounted ones are wired.

I still think they are probably hardwired someway. As E1 suggested, check the side of the door with the hinges on it.

I agree with Nick, it’s not the card that knows when to quit working. From my experience, the only info the card has on it is its identification number. The controlling computer actually controls where and when the card works.

As for security and the stolen card problem, if the card is reported stolen, it can be deactivated immediately. The hotel does not have to wait until the regular espiration time for the card.

Carpe hoc!

I have a proximity card for entrance into my place of work. I’m fond of just lifting my butt (with card in wallet, back pocket) up to the reader to unlock the door, then exclaiming to the person or persons behind me “Feel my ass. It has POWERS!”

MrKnowItAll sez: “…the operator will be sicking (sic) security on you…”
(couldn’t help myself)

Nick - you’re sick, sick, SICK!

I like that in a man!

I’m thinking that there could just be contacts on the edge of the door and the doorframe that only supply power and network connection to the cardreader when the door is shut. That would explain why there are no visible wires.

Doesnt need any wiring. The manf states:
Each lock is entirely self-contained, operating on four standard 1.5V
(AA) alkaline batteries.
State-of-the-art electronic mechanism ensures minimum energy usage.
The batteries will provide power for approximately 30,000 operation.

Nickrz, MrKnowitAll, It depends on the card actually. Some of the more modern smartcards are fully capable of deciding if they do or don’t work depending on time. It really depends on the type of card. If it were a magnetic strip only, then yes, I would agree, the card knows nothing. If it were a smartcard, then maybe, depends on the type of chip used. Usually, if the card is involoved in a two way communications/encryption scheme (ie. Reader says, “Identify”. Card replies, “Me.” Reader says “Prove it.” Card replies “Proof.”), then more than likely it has a shut off at time x function that can be invoked. (Mind you, that function might be dependent on time from an outside clock though.). If the card is simply a EEPROM/NOVRAM type device, where all that is done is Reader sends a code, and card replies with another code. Then no, no time function inheirent (Though the reply code might have a timebased code inside of it.)
Smart cards a becoming fairly complex, and the most advanced ones use a signifigant number of logic gates and are in fact cut down specialized MCU’s rather than the old memory devices they used to be.
I don’t think the proximity cards of ten years ago used chips though, I think they were usually just a series of magnets oriented in various ways and the reader read the interference caused by such. But I could be wrong, its mostly dependent on the power consumption of chips ten years ago, todays cards use an induction coil in the card to power the chip from a magnetic field generated by the reader, and thus are low power devices.

>>Being Chaotic Evil means never having to say your sorry…unless the other guy is bigger than you.<<

—The dragon observes