What Electronic Door Lock Would You Buy? 97
zentigger asks: "I work for an ISP that supports internet in several dozen remote areas. Our POPs are typically fairly small shed-like structures, with a couple racks of equipment. For the most part, we can manage this stuff in-band, but frequently we need to have a local agent physically access the equipment for some minor maintenance work or adjustments. As time goes on, the shuffle of keys is becoming farcical and expensive. What we need is an electronic lock of some sort that can be reprogrammed remotely (preferably from a remote console via serial or directly via ethernet) that will stand up to extreme weather. Google certainly turns up lots of glossy brochures — although I don't see how they can -all- be 'The heaviest duty lock you can buy!' Does anyone have good experiences with any particular products or perhaps other means of dealing with the key shuffle?"
A GSA approved lock of course (Score:5, Informative)
Bit o' Warning (Score:5, Informative)
S&G, HID are standard (Score:4, Informative)
For mechanical lock backup, go with Medeco, Mul-T-Lock, or Abloy. All of which are immune to bumping, are restricted in key duplication, but keys are still decently available when you need copies made at a locksmith with your card.
Lastly, if you want a solution that is a hybrid, requiring only cylinders changed rather than lock hardware, you might consider the Mul-T-Lock CLIQ series. The CLIQ keys are mechanical and electronic, and the reader is in the cylinder, so no wiring of doors is needed. To remove a key from the authorized list, you just code the programmer key to remove it, then walk around and stick the key in the appropriate doors.
From a locksmith's perspective (Score:3, Informative)
I worked my way through college as a locksmith. I've always favored hardware security (keys) over electronic widgetry. Talking to a Medeco dealer about getting your locks on a solid masterkey system would give you a solid system, but allowing remote sites to be accessed- possibly by different agents each time- wouldn't work.
One solution might be Videx. I've only glossed over their literature, but they seem to have a pretty good solution in place.
http://www.videx.com/products/detail/cyberlock.h tml
Specifically, the section on how "the CyberKey Authorizer enhances CyberLock systems by providing the ability to program and download CyberKeys at remote locations." That might be too pricey for your application. I've never priced out "door" costs on Videx hardware.
Re:Can you have the locks keyed the same? (Score:5, Informative)
With high-security systems, the blanks are under patent. Only locksmiths who service those locks have access to them. With most systems, you end up with regional distributors, and if you walk in asking to get a copy made, they'll recognize it as one of theirs and confiscate it- and inform the true owner of what happened. I've actually seen that happen- it's pretty unfortunate for the guy working for a major bank to lose his job over that sort of thing. They can then mike the key and determine whose it is; if it is stamped with a serial number, it's even easier.
All bets are off if a machinist is available to duplicate it. This is made very difficult with sidebar locks such as ASSA, or with odd keys such as Abloy. A machinist would also have to duplicate the wards and angle cuts if duplicating Medeco keys.
So while the possibility is there, I have yet to hear of it happening.
Re:Using iButtons as keys (Score:3, Informative)
There used to be a "crypto iButton" that provided real copy-proof security. It could be programmed with a private RSA key, and could be challenged to produce a signature that you could then verify with the user's public key. The physical device was quite tamper-resistant so it would be very difficult for an attacker to extract the private key. However this product seems to have been discontinued a few years ago.