Many modern office buildings have smart-card-based electronic locking systems, where users wave their cards over an RFID sensor panel that checks the IDs on the cards against a central database. But this security layer usually stops at the front entrance. Installing the wiring for the access-control panels needed to make individual offices secure can cost up to $10,000 per door, so most companies just don’t do it—meaning that once someone is inside a building, they can usually roam unchallenged.
But a company called CoreStreet in Cambridge’s Alewife neighborhood is developing an alternative that could reduce the cost of a smart-card-based lock to $1,000, making it easier to imagine deploying electronic locks on internal doors. The system works by replacing hard-wired sensor panels with stand-alone, battery-powered locks and turning workers—or rather, the cards they’re carrying—into the network connecting them.
“The idea behind a ‘card-connected network’ is that the interface between the building’s control software and the standalone locks is the card itself,” says Chris Broderick, CEO of CoreStreet, which was founded in 2002 to commercialize identity-authentication technologies developed by MIT computer scientist Silvio Micali. CoreStreet announced on September 24 that it’s developing the card-connected security technology in partnership with Kaba Group, the Switzerland-based owner of Kaba-Ilco, which makes keymaking machines as well as punch-code and card-activated locks for industrial facilities, hotels, and shipping containers. The system should be available for purchase and installation next year.
In a card-connected network, Broderick says, information such as ID codes proving that cardholders have access privileges and the latest list of invalid cards is written onto employees’ cards every time they pass the main wired RFID panel at a building’s entrance. Then whenever they present their cards at internal, standalone locks, this information is transferred via radio signals to the locks’ internal memory. Say an employee resigns from a company. Their ID number gets added to the master list of invalid cards, and as people go about their days, passing by a building’s internal locks, each lock’s list gets updated. If someone then tries to use the old employee’s card, the internal locks won’t open.
“People spend a lot of money on security for public spaces, but people’s office doors for the most part have no access control on them, or if they have locks, people have no idea who has copies of the key,” says Broderick. “We’re adding the ability to have access control in locations where people typically don’t do it.”
Broderick says all of CoreStreet’s products—which consist mainly of software and appliances for generating and processing secure digital certificates—revolve around Micali’s insights about how to compress security information about individuals and move it to the places where actual transactions occur, whether on a computer network, a mobile device, “or even all the way down to a local lock in a physical locking system.” But the product in development with Kaba is one of CoreStreet’s biggest forays into the commercial world; up to now, according to Broderick, 90 percent of the company’s business has been with government agencies, who have been rushing to meet post-9/11 requirements for smart-card-security on all government computer systems.
The new Corestreet-Kaba locks could help in a number of locations—even at remote locations such as the base station structures at cell phone towers. “One of our users is a very large telecommunications firm with 10,000 facilities in the U.S., some out in the middle of the desert,” Broderick says. “You can’t run a wire out there, so they have no existing electronic access control on these towers. They can’t tell you who has been in and out.” With the new system, such information would be transferred onto an employee’s key and loaded into a centralized database the next time the employee passes a wired reader. “Since people carry around all these cards anyway, it’s a great solution,” says Broderick.
