Key management for physical access control

Whether a key is physical or digital, policies and practices for its use must be in place


One way physical keys and digital keys are exactly alike is that you cannot use them unless you actually possess the key. The obviousness of this statement for physical keys is matched by the lack of obviousness of the statement for digital keys. This stark difference in awareness is due in part to the fact that while we all understand what having a physical key means, it is not so clear what "having" a digital key means in practice.

In both cases, it means that if an interloper takes the key from you while you are in the act of using it, that interloper can subsequently use it too. In particular, in the digital key case, it means that the key is exposed in its unprotected, unwrapped, unclothed and natural form for everyone to see. That constitutes a key breach, which requires remedial action. So protecting the digital key during use becomes a high priority for key management.

There are a number of decisions that go into the management of a key during its use phase. The following are just examples:

- What can this key be used for and what must it not be used for?
- How do I tell if this key has been breached or otherwise compromised?
- How often is this key updated or "rolled"?

Key management is not "fire and forget" - or, in the specific case of digital keys, "generate and forget." Best-practice key management is a continuous process that monitors the health of every key every day and is prepared to take immediate action should the health of a key start to fail. This is one reason why forward-looking companies are starting to offer key management services to their access control customers.

Key Breach

Quite unlike the management of physical keys, the management of digital keys is often disconnected from the physical manifestation of the keys themselves. One area where this becomes most evident is policies regarding key breaches.

Key breach means that some incident has exposed the key to unauthorized use. In the case of a physical key, it does not necessarily mean that a malicious person is in possession of the key; and in the case of a digital key, it does not mean that the person knows the value of the key. It just means that somebody who should not be able to use the key can.

In physical reality, key breach can mean an authorized user losing the key, or somebody making an unauthorized copy of the key. But physical key breach can also mean getting hold of a master key, learning how to bump a lock, or coming into possession of a good set of lock picks. In whatever form, the breach of a physical key - both the breach itself and the harvesting of the breach - will have numerous physical manifestations that careful observation has a very good chance of detecting.

It is quite different in digital reality. Indeed, one of the most troublesome - and most ignored - challenges of digital key management is detecting key breach. Unless something really egregious takes place whose only logical cause could be the compromise of a key, digital key breach may go undiscovered and therefore unaddressed.

Let's assume that a key breach has been discovered. In the case of a physical key loss, one remedy is to change all the locks that the breached key fits and then issue a new key to each authorized person. In almost every case, the list of locks and the list of people are completely known. Knowing the list of locks is usually sufficient, since rekeying the locks will cause the key holders to step forward and request a replacement.

What has to be done in the case of a breached digital key is just as obvious. The key has to be rolled. But doing that for a digital key is by no means as straightforward. First, the responsible key manager has to locate all the places and situations in which the digital key is being used. In the case of a physical access control system, this process might be as easy as in the case of a physical key since, after all, the digital door access is replacing a physical lock. In other cases - for example cards used to log in to computers, or for document encryption and data access - it may not be so easy to find all the breached keys.

Even when an instance of the breached value is found, changing it to a new value can surface previously unacknowledged problems. One problem can be acquiring the authorization to change the key value at all. Just because a digital key is in use does not mean that somebody can be found who can change it. In fact, there are cases in which policy decisions may make it impossible to change the value.
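The use-phase questions listed earlier and the breach procedure described above both depend on a record of where each key is in use. The following is an added example, not part of the original article: a small key inventory that flags overdue rolls and disallowed uses, and after a breach splits the locations to re-key into those with and without someone authorized to change the key. All names, fields and values are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Deployment:
    location: str                # a place where a copy of the key is in use
    purpose: str                 # what the key is used for there
    change_owner: Optional[str]  # who is authorized to change it; None if nobody

@dataclass
class KeyRecord:
    key_id: str
    allowed_purposes: set
    last_rolled: date
    roll_interval_days: int
    deployments: list = field(default_factory=list)

def health_findings(key: KeyRecord, today: date) -> list:
    """Routine check: is the key overdue for a roll, or used where it must not be?"""
    findings = []
    overdue = (today - key.last_rolled).days - key.roll_interval_days
    if overdue > 0:
        findings.append(f"{key.key_id}: roll overdue by {overdue} days")
    for d in key.deployments:
        if d.purpose not in key.allowed_purposes:
            findings.append(f"{key.key_id}: disallowed use '{d.purpose}' at {d.location}")
    return findings

def roll_plan(key: KeyRecord) -> tuple:
    """After a breach: every location to re-key, split by whether anyone may change it."""
    ready = [d.location for d in key.deployments if d.change_owner]
    blocked = [d.location for d in key.deployments if not d.change_owner]
    return ready, blocked

# Constructed sample record; all names and values are illustrative.
SITE_KEY = KeyRecord(
    key_id="site-door-key",
    allowed_purposes={"door-access"},
    last_rolled=date(2024, 1, 1),
    roll_interval_days=90,
    deployments=[
        Deployment("lobby-reader", "door-access", "facilities"),
        Deployment("workstation-login", "computer-login", "it-ops"),
        Deployment("archive-encryption", "document-encryption", None),
    ],
)
```

The "blocked" list is the part that needs attention before any breach occurs: those are the places where the key is in use but nobody is on record as able to change it.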