I was employed at a large property when they installed this system several years ago, and spent a fair amount of time talking to the hotel’s locksmith during the installation. I found the system to be fairly well thought out, and fairly secure, even taking into consideration the unpredictable human element. I don’t believe that I posess any information about these locks which could be considered proprietary or confidential, nor do I believe that this post reveals any secrets that could be used to compromise security.
There is no direct communication from the locks to the key system. The locks are standalone devices, and are battery powered. They are built with a low battery warning system in them; when anticipated battery life drops below a couple of weeks, the lock blinks differently when the key is used. Housekeeping sees this, makes a note, and maintenance is dispatched to change the batteries.
On our system, each key contained an encrypted authorization code identifying which lock it was authorized to open, and an expiration date and time for the key. This also included an identifier of which key it was. For example, if the front desk made four keys, the key might say it is key three of a series of four. Out of curiosity, I ran a key through a credit card reader at the desk, and the string looked something like this:
Long encrypted authorization code, room number, key in sequence, total keys in sequence, expiration date.
In short, communication between the front desk and the guest room locks is carried by the guest key.
If we reissued keys to a guest, all previously issued guest keys for that room would be invalidated as soon as the guest swiped the new key through the lock. So if we had handed out four keys to a family checking in, and Dad lost his key, we had to make four new keys, and either give them to Dad to hand out to the family (after confessing he’d lost his key, of course), or keep the other three at the desk for the family to pick up when they got back to the hotel. Sometimes we would just have a security guard escort Dad to the room and let him in to get the key he had left behind. Occasionally a guest would complain about the inconvenience, but they usually recognized that this protected them, because the key that they had lost could not be used to enter their room.
The locks could be queried with a special printer and serial cable. You could print out a history of the last few dozen times the lock had been opened, along with a time stamp and which key had been used. If housekeeping had opened the room, you could tell which housekeeper’s key had been used. If a guest key had been used, you could tell which guest key had been used. The key issuing machine kept a log which could also be queried. If required, we could determine who had issued a given room key, and when.
The query capability was invaluable. In the first place, every single employee that was issued keys understood that this capability existed, and we had less instances of things disappering from rooms. When something did disappear, we had the ability to identify who had access to a room, and when. In many cases, we were able to demonstrate to a guest that one of their own party had been in the room about the time an object went missing.
I believe that most key card failures were tied to age. We would reuse the cards if a guest returned them at checkout, or use new cards as we ran low. Sometimes, the key machine would reject an older card as unwritable, and we’d just pitch it. However, there were probably some cards that were just barely usable at issue, and failed shortly therafter. When I stay in hotels now, I try to help the desk out with this problem by throwing away my card when I check out, rather than returning it.