Lock Loaded
In this access control system, the power's in the key.
The importance of a good lock is oft overlooked but cannot
be overstated. As author/philosopher Ayn Rand saw it, the
very concept of civilization can be thought of
as progress toward a society of privacy, a notion
that is pretty much the fountainhead of the
Health Insurance Portability and Accountability Act
(HIPAA), a.k.a. the Privacy Rule. Designed to ensure
the protection and confidentiality of patients’ medical
records and other health information, HIPAA
became one of our civil rights in April 2003, which,
not coincidentally, was around the same time a Corvallis,
Ore.-based company named Videx came into
its own with the design, manufacture, and distribution
of its products for controlling access to such
sensitive information.
Videx started business in 1979 by creating circuit
boards for Apple computers. In 1985, it began producing
a line of portable data collection terminals
that were precursors to the handheld barcode scanners
and iButton readers it still makes today. But in
2000, building on similar “smart” technology, the
company introduced a new product—in fact, a
whole new system—that Videx Vice President Andy
Hilverda says turned the security and access control
industry on its head.
Opportunity Locks
The timing of the system’s entry in the marketplace was propitious,
fueled by the pervasive insecurity following Sept. 11, 2001, and, later,
enforcement of HIPAA. Worksites of all varieties—from utility substations
to cell phone towers to health care facilities charged with
protecting medical records or the contents of pharmaceutical cabinets
like the one pictured on this page—suddenly found themselves
in the market for a better lock.
Videx called its system CyberLock, named for its electronic
cylinders made to replace standard mechanical lock cores. Each
cylinder has a unique ID, is designed to the exact dimensional
standards of the mechanical cylinder it is replacing, and is programmed
with access codes that identify it as belonging to a company’s
own network. Each cylinder also has memory for storing
the most recent 1,100 “access events.” Hilverda says the intelligence
built into the cores was, in 2000, “a breakthrough technology,” but
adds that the truly revolutionary component of the system is
found, not in the lock, but in the CyberKey.
“Until we introduced this system, access control was based on
lock-centric types of concepts,” he says. “The lock had the power, the
lock had the processing, and the key was very passive. All the intelligence
was resident within the lock, and that was what access control
was all about.” Using as example the familiar sliding card lock system
on many hotel room doors, Hilverda adds, “With such systems, the
locks have to be hardwired in the facility, with power running into
these locks either for function or communication, and lines going
back and forth from the lock to the computer.”
To put it simply, CyberLock reversed that concept. “It’s what we
call a key-centric system,”Hilverda says. “It is in the key that you
have the power”—literally, the power of a battery (one CR-2 3v lithium)
as well as a microprocessor, both housed in the
key’s handle, which is less than two inches wide and
an inch thick. The microprocessor in the CyberLock
cylinder, meanwhile, remains passive and requires no
power, becoming energized only when in contact
with the key, which supplies all the power the system
needs, with a life cycle averaging between 2,000 and
5,000 openings per battery, depending on settings.
When the battery gets low, the CyberKey can send an
email, alerting managers.
Key Control
Managers also can program the system to audit and
send emails about the activities of specific keys (or
their owners). “I might be an individual that you
have particular concern about, and so you could
have my daily log, or the audit of my ‘events,’
emailed to you as a manager so you don’t have to go
looking for it,” Hilverda says. “So if I use that key to
open a cabinet, you know that I did that—and not
only that I did, but the day and time that I did it. It
provides a lock history, if you will, of everybody that
opened that lock up—or attempted to.”
Each CyberKey is unique and contains a list of locks it can
open, with days, times, and expiration dates, and individual keys
can be updated
“at a moment’s
notice,” Hilverda
says. A single key
can be programmed
to
open all the different
types of
locks at a workplace
and contains
an audit
trail of up to
3,900 access
events. If a key is
lost or stolen,
the locks can
immediately be
programmed to refuse access to the key. And although two keys in
the system can be programmed alike, each one will make its own
unique record of events in the system’s software.
Videx offers four different levels for managing the CyberLock
system: EntryPoint, a hardware-only system that requires no programming
software; and three software packages—CyberAudit-Web Lite, CyberAudit Professional, and CyberAudit-Web Enterprise—
with progressively broader administrative capabilities for accessing
schedules, viewing audit trails, and programming. The feature-rich
Enterprise package, which is best suited for geographically widespread
companies, allows remote access to managers who are traveling
or otherwise on the go, through Internet-enabled cell phones
and other PDA devices.
Cyber Pick
According to Hilverda, there are now about 200 different designs of
CyberLocks, with prices ranging from $150 to $200. The CyberKeys,
around which the whole system revolves, are about $100 each. Hilverda
notes that the system’s price becomes a bargain when compared
to traditional lock-centric systems that require structural
modifications or wiring for installation, which CyberLocks do not.
The system also eliminates the inconvenience and expense of rekeying,
he says, providing a key that cannot be duplicated and lock that
cannot be picked.
A note on this last point: In its product literature and on its
Web site,Videx frequently cites the “pickproof” nature of its CyberLocks,
touting them as devices “that cannot be compromised,”
but it took me about 30 seconds on Google to bring up YouTube
footage showing some yahoo purportedly demonstrating how to
do just that. Watching it, I was reminded of another Ayn Randism:
“The secrets of this earth are not for all men to see, but only for
those who seek them.”
This article originally appeared in the July 2008 issue of Occupational Health & Safety.