Locks

E-locks are typically standalone systems that replace mechanical locks on a single door. They are a way of upgrading your standard mechanical lock to an access control system, and give you additional functionality. The main advantages of an E-lock are that they can record the details of who opened the lock, and importantly, when. E-locks allow access to be predetermined. Only those with keys can open the lock, and access can also be restricted to certain times.

This could be, within a chosen time frame per 24 hours. For example, keys only work during working hours. A set period of time. For example, keys work for one week only, and then access is revoked. Or simply a key could be set for a single use only. E-locks can be separated into two main variants: mechatronic locks and fully electronic locks.

Mechatronic locks are a combination of an existing mechanical lock, with the addition of an electronic component. As with the mechanical lock, your key has a physical pattern of cuts cut into it. If the incorrect key or pattern is inserted into the lock, it will not fit or turn the barrel to unlock the door. But a mechatronic lock has the added electrical components: a motor or cam that drives the final pin, up and down.

Most mechatronic locks are suitable for retrofitting into existing doors, as they don't require extensive wiring or complex installation. And the keys are powered by nothing more than a standard coin cell battery. However, due to lowering the number of mechanical components, less pins in the barrel, to make room for the electrical component, a mechatronic lock may be physically weaker than the traditional mechanical lock it is replacing, and could be forced open more easily.

Fully electronic locks are locks that have no physical key to interact with. Instead, the lock is disabled by other means. These are typically, what you KNOW - knowledge based system, such as a pin code or password. What you HAVE - a physical item that can be contact based, like an eye button, or contactless, such as an RFID tag.

Who you ARE - Biometric verification such as fingerprint, iris, or facial recognition. WHAT YOU KNOW - Knowledge based, electronic locks rely on a user knowing secret information, such as a PIN code, and entering the code into a physical keypad on the lock. They tend to be lower security as they are susceptible to very basic attacks, such as overlooking. PIN-only systems have a fundamental weakness.

Either the PIN has to be the same for everyone, resulting in it eventually becoming common knowledge, or each person has a different pin for the lock. This can result in there being numerous correct options, so that the pin can be more easily guessed by an attacker. WHAT YOU HAVE - Contact technologies require a physical contact between the lock and a token.

For example, an eye button, and are therefore harder for an attacker to capture the data. The security of these locks depends on the strength of the encryption protecting the FOB, but can be compromised if a FOB is lost or stolen. Radio based technologies uses a device such as an RFID card to hold an electronic key. This is transmitted via a radio signal to the lock.

RFID cards should always be protected against copying. WHO YOU ARE - Biometric locks read an individual's unique bio information to grant access, and are therefore very difficult to compromise, copy, or steal. All E-locks require a power source to operate, as a mechatronic locks are designed to be an easy replacement for the traditional lock. The power source is normally located within the key itself, but it can also be located within the lock. As the power source is usually in the key,  it requires each user to be aware of its battery level, and either charge the key or replace the battery regularly. Fully electronic locks almost always require power to the locking mechanism. This allows for battery-less keys, but also requires either a battery in the lock with the potential for this to run down, or power cables to the doors, which can incur additional installation costs. With both mechatronic and fully electronic locks, you must check that even at low and no voltage, the lock remains secure.

Some locks may have a mechanical override for power loss situations, which can be a vulnerability to some systems. As an electronic system, E-locks require configuration rules to run. These decide who can go where, and when, and will require periodic updates. Updates can be distributed in different ways. Manually updated by a member of security staff - each lock has to be visited individually, to ensure all locks are updated.

This is a thorough but slow and expensive option. Updated over a network - this requires the additional expense of installing a network, and ensuring the network itself is secure. However, if affordable, this is the fastest method to ensure all locks are updated. Updated by staff - an updated key when used by staff on any lock can spread the updated information over to the system.

Whilst this is the cheapest option, this process does not guarantee that all locks will be updated, as infrequently used locks and doors may not receive the update for some time. Most E-locks will have some form of administration application, which is used to update and manage your locks. Whether this application is within your premises or is cloud based, good cyber security processes and mitigations should always be applied, in order to protect it, and the information contained on it.

If not protected correctly, this could become a vulnerability in your site security. E-locks are a relatively easy and quick way of adding a standalone security measure to your site, but they are just that, one type of security measure, and should be deployed alongside other security systems to keep your site safe from attack. For more information on E-locks and other security measures, please visit the NPSA website.