by amenghra 1017 days ago
Each key gets a revision number. When the first set of keys is created, they get revision number 0. The lock records a high water mark of the revision numbers it has seen. Only keys matching the water mark get to unlock the door.

When you want to revoke a key, you re-issue a new set with a higher revision number. When the guest checks out, you issue the next revision number to the next guest, effectively disabling the previous set.

You do all this as a fallback when the network fails. This way, you can still disable keys in real-time when people check out of their room.

2 comments
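The revision scheme from the post above, sketched as an added example (not part of the original thread and not any vendor's code). It assumes cards are authenticated with an HMAC under a secret shared by the issuer and the lock, which the post does not specify; `issue_key`, `Lock` and `DOOR_SECRET` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Assumption: issuer and lock share a per-door secret; the post does not say
# how cards are authenticated. HMAC stands in for whatever a real system uses.
DOOR_SECRET = b"constructed-demo-secret"


def issue_key(room: int, revision: int, secret: bytes = DOOR_SECRET) -> bytes:
    """Front desk: encode (room, revision) and append a MAC over it."""
    body = struct.pack(">IQ", room, revision)
    return body + hmac.new(secret, body, hashlib.sha256).digest()


class Lock:
    """Offline lock: stores only its room, the secret and a high water mark."""
    def __init__(self, room: int, secret: bytes = DOOR_SECRET):
        self.room = room
        self.secret = secret
        self.high_water = 0  # the first set of keys is revision 0

    def present(self, card: bytes) -> bool:
        if len(card) != 12 + 32:
            return False
        body, tag = card[:12], card[12:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # unauthenticated card must never move the mark
        room, revision = struct.unpack(">IQ", body)
        if room != self.room:
            return False
        if revision > self.high_water:
            self.high_water = revision  # newer set seen: older sets are dead
        return revision == self.high_water


def demo() -> list:
    lock = Lock(room=101)
    guest_a = issue_key(101, 0)
    guest_b = issue_key(101, 1)  # re-issued at checkout while offline
    bad_mac = guest_b[:-1] + bytes([guest_b[-1] ^ 1])  # constructed corrupt card
    return [
        lock.present(guest_a),  # revision 0 matches the mark
        lock.present(bad_mac),  # rejected, mark stays at 0
        lock.present(guest_a),  # still valid: lock has not seen revision 1 yet
        lock.present(guest_b),  # mark advances to 1
        lock.present(guest_a),  # revision 0 is now below the mark
    ]
```

The third result is the property to keep in mind when relying on this as an offline fallback: revocation takes effect only once the lock has seen a card from the newer set.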

Does this use something like asymmetric keys so the door can verify a key came from the issuing system, or is there still some online/network portion?

Assuming it does use asymmetric keys to prevent someone from creating counterfeit access cards, there would still be a window (if the network is unavailable) where the old key would continue to work until a new key is scanned the first time on the door lock?

I think this is similar to how most hotel locks work.
Currently at a reasonably-priced hotel in the boonies. Extended my stay the other day and they had to re-issue the keys. The keys must be aware of the reservation period, and the locks must be aware of the current wall-clock time. Finding a way to tamper with the RTC in the lock could blow up the whole system. Or, you know, a crowbar.
I don't think a crowbar attack will work in this case; I doubt you'll be able to get the lock to talk. /s
I've extended stays without needing new keys. There could be wireless updates, or resetting the lock is done when housekeeping preps the room.

There are definitely multiple solutions that don't depend on a server to authenticate every unlock.

I'd imagine the locks in most hotels don't require an internet connection. Frankly I'd be horrified if my hotel room's locks depended on this horrendous WiFi.