Iterating Locks & Keys

Assa Abloy technology in action (Image credit: Assa Abloy)

Considering there are iron skeleton keys that still turn door locks in medieval castles, you’d think the technology was more than ready for disruption with the swipe of a digital app.

Turns out it’s more complicated than that.

“Mechanical key systems have always had limitations in solving the problem of access control, especially for large systems,” explained Peter Siklosi, a product manager at Assa Abloy.

“Keys can be lost without a reliable way of blocking access for those in locks, and there’s no traceability.”

In order to replace such systems with digital locks requires power, however, and you don’t want to have to install or change batteries in locks, especially in doors that aren’t used heavily (or are found in extremes of weather). Many doors don’t rely on knobs, whether for design or functional reason, which means keys are needed as tools to provide torque.

These facts raise intriguing arguments for looking at innovation that combines the benefits of digital and physical locks.

In 2002, Assa Abloy introduced CLIQ, which gave small systems the ability to program cylinders to enable or block keys. The battery to power the system was in the keys, which literally activated locks when needed.

It was an immediate hit, followed by a challenge that should have been obvious.

“The concept of programming access rights in cylinders doesn’t scale well,” said Siklosi. “Also, at the time you needed a local installation of the software on a PC to program keys and cylinders.”

So the company developed a web-based manager for admins — called REMOTE, surprisingly enough — which used the cloud to manage access rights. This made CLIQ useful for larger applications, as well as more remote uses.

But then there was the matter of updating the keys: CLIQ relied on a process called revalidation, which meant that keys could be programmed to possess finite lifetimes, which was prolonged when the keys were updated, which provided a way to block lost keys. This meant that it required a physical updater, too.

Assa Abloy iterated a solution that paired BLE chips (an energy efficient short range radio protocol) embedded in keys with a mobile phone app. The coin cell in the key could last as long as two years, depending on use. It offered the updating service without a subscription charge.

Siklosi described the security model:

“Data is protected end-to-end between the server and the key, which means that the system cannot be misused by tampering with data on the phone.”

The company won’t disclose the market share for CLIQ, nor reveal any plans for the next iteration, but just think about how many doors there are in the world that can’t, or shouldn’t be opened with the swipe of an app.