Hotel room electronic doorlocks

Factual Questions
1

I’m curious about how these things work, in part because we seem to encounter a somewhat significant (5 - 10%) failure rate among these cards, especially when we have duplicates, in our travels.

When you register upon arrival at a hotel, they place your electronic key card in a machine that enables it to open presumably your assigned room and it alone. Does this process involve sending an electronic signal to the door/room too that works in conjunction with the card? Does the door simply have a set of preset codes it’ll accept, one version of which the card now contains?

Any insight would be appreciated although, obviously, I’m not interested in any information that would compromise the security of such a system.

2

i have always assumed that the machine is putting a magnetic code onto the card that the door lock then reads. given that they reuse the cards, that failure rate does not surprise me, as the strip that holds the data can wear out … just like old floppy disks when you erased/reformatted and reused too many times …

3

As a quick guess, each card has a unique code in a magnetic strip (or an embedded microchip). The desk clerk either reads the existing code from the card and tells the computer that this card code is valid for Room XXX (maybe with the added limitation of “until checkout time on the last day of your stay”), or may write a new code onto the magnetic strip. When you put it into the slot at the room, the computer checks its records to see if this card code is currently valid for the room and then unlocks the door (or not).

This has the advantage of good control, as stolen/misplaced cards can be rendered useless by simply closing out the code or reservation in the system.

Problems can be due to build up of dirt on the card or on the reader, or to scratches on the card’s magnetic strip, which (if I understand it correctly) can act as notch antennas and modify the signal from the magnetic strip (cashiers sometimes wrap a piece of paper around a misbehaving card to reduce this effect). The data on the strip can also be corrupted by magnets or other electro-magnetic sources. Microchip cards work somewhat differently and are less likely to have problems but are more expensive.

4

As far as I can see, it’s exactly the same techology as you get on credit cards: a magnetic strip which encodes data about the room number, date of expiry, etc. This would be read in the same way as credit cards are when you swipe them through a reader. The reader on the door would be linked to the hotel’s main database, to check whether the person swiping the card is one of those entitled to enter the room (i.e., the person booked into the room, a cleaner, a maintenance person, etc.), and unlock the door if they were legit.

5

Until I encountered this thread, I had always assumed that the door locks were connected to the hotel’s computer and that the card contained only a code number that was validated by the database to determine if the code was valid on that date and time for that partcular door.

Then I stopped to think about it. How do these locks communciate with the computer? I don’t remember seeing any wiring harness going from the door hinges into the wall. Does each lock have a wireless transmitter/receiver? I doubt it.

I’m guessing that each lock is completely self-contained and battery powered. It probably has a unique ID/serial number programmed into it and the card is written with that ID and a begin/end date/time.

Does anyone know what technology is really at work here? Enquiring minds want to know.

6

Just anecdotal, but we were staying at a hotel a couple of weeks ago and my key card refused to work in the door of my room (although it had activated the elevator). When I went to reception, she asked if I’d kept it next to a credit card (which I had) and she said that was why and gave me a new card. Why would a credit card deactivate or corrupt the keycard?

7

I was employed at a large property when they installed this system several years ago, and spent a fair amount of time talking to the hotel’s locksmith during the installation. I found the system to be fairly well thought out, and fairly secure, even taking into consideration the unpredictable human element. I don’t believe that I posess any information about these locks which could be considered proprietary or confidential, nor do I believe that this post reveals any secrets that could be used to compromise security.

There is no direct communication from the locks to the key system. The locks are standalone devices, and are battery powered. They are built with a low battery warning system in them; when anticipated battery life drops below a couple of weeks, the lock blinks differently when the key is used. Housekeeping sees this, makes a note, and maintenance is dispatched to change the batteries.

On our system, each key contained an encrypted authorization code identifying which lock it was authorized to open, and an expiration date and time for the key. This also included an identifier of which key it was. For example, if the front desk made four keys, the key might say it is key three of a series of four. Out of curiosity, I ran a key through a credit card reader at the desk, and the string looked something like this:
Long encrypted authorization code, room number, key in sequence, total keys in sequence, expiration date.
In short, communication between the front desk and the guest room locks is carried by the guest key.

If we reissued keys to a guest, all previously issued guest keys for that room would be invalidated as soon as the guest swiped the new key through the lock. So if we had handed out four keys to a family checking in, and Dad lost his key, we had to make four new keys, and either give them to Dad to hand out to the family (after confessing he’d lost his key, of course), or keep the other three at the desk for the family to pick up when they got back to the hotel. Sometimes we would just have a security guard escort Dad to the room and let him in to get the key he had left behind. Occasionally a guest would complain about the inconvenience, but they usually recognized that this protected them, because the key that they had lost could not be used to enter their room.

The locks could be queried with a special printer and serial cable. You could print out a history of the last few dozen times the lock had been opened, along with a time stamp and which key had been used. If housekeeping had opened the room, you could tell which housekeeper’s key had been used. If a guest key had been used, you could tell which guest key had been used. The key issuing machine kept a log which could also be queried. If required, we could determine who had issued a given room key, and when.

The query capability was invaluable. In the first place, every single employee that was issued keys understood that this capability existed, and we had less instances of things disappering from rooms. When something did disappear, we had the ability to identify who had access to a room, and when. In many cases, we were able to demonstrate to a guest that one of their own party had been in the room about the time an object went missing.

I believe that most key card failures were tied to age. We would reuse the cards if a guest returned them at checkout, or use new cards as we ran low. Sometimes, the key machine would reject an older card as unwritable, and we’d just pitch it. However, there were probably some cards that were just barely usable at issue, and failed shortly therafter. When I stay in hotels now, I try to help the desk out with this problem by throwing away my card when I check out, rather than returning it.

8

I was at a cheap hotel and the batteries in my room’s lock died. Very inconveinent. I had to wait for maintenence to come up and let me in!

Are some locks hard wired for power, or all they all battery? I remember a story of a woman being electrocuted by a lock, but when I googled it, the AC was at fault.

9

Thanks for the informative post, SuperNelson. That’s pretty much what I had deduced, except for the time stamp feature. How do you set the clock in the door lock mechanism?

10

SuperNelson, thanks for the great post. The only thing that conflicts with my own experience is this part

On occasion I’ve had to get extra keys from the desk after we checked in. Usually because my son thought he needed his own key in additon to the two I got for my wife and I. In all cases, both the new key and the existing keys worked with no problems.

That being said, I’m sure that there are multiple systems out there, and what is true of one may not be on another system.

11

Very informative, SuperNelson. Thanks all for the replies.

12

I’m not sure, but I would guess that it was done through the serial port at the time of initial setup or battery change.

13

I believe that this was a decision made at the time of installation.

14

Do you, perhaps, have an eelskin wallet?

15

Not any more, Uncle, and that’s precisely why. It was buggering my credit cards.

16

That’s because they made your son’s key with the same key code as the rest of yours. It’s when they make a key with a different code that the lock stops responding to the old code. The lock has an algorithm in it that it knows what code will be used next, and when that code is used, it stops responding to the older code and calculates what will be the next code after that.

17

This is consistent with my understanding of how our system worked. My understanding is that management made a conscious decision not to allow keysets to be expanded after their original issue. As a guest, I would prefer it this way, but that may be prejudiced by my experience on the other side of the desk.

Incidentally, the same mechanism that prevented us from making extra keys prevented us from inadvertently checking two parties into the same room. Even if the computer showed the room to be empty, the key system would not let the clerk issue a second set of keys without cancelling the first set. This would prompt the clerk to double check the room status if the key machine indicated keys already had been issued.

18

This answers one question I had, but brings up another.

One advantage to these locks is that if a guest loses a card, it can be replaced, the lock reprogrammed, and anyone who finds the card can’t use it to get in to the room.

What if the person who finds the card has access to a card reader and knows the algorithm for generating the next valid code (and the next, and the next)? Could someone re-write a card to mimic the next valid code to a room, or is there a private key involved in the encrypted code and the algorithm is useless unless it’s unencrypted first?

19

The code can fit in an very small part of the card. A large part must be damaged in order for it to not work.

20

My guess (or deduction) is that each room lock has its own internal code, which it knows and the front desk knows, but you don’t. In order to predict what the next working code will be, you must know the previous code and that door’s private code, so the front desk can generate them.

Knowing only the previous key code won’t be enough information to calculate the next code even if you know the algorithm and have a card reader.