
ixfo | 3 years ago

Assa Abloy's eCliq stuff (similar to this) uses asymmetric crypto for some parts and symmetric for short-lived stuff. The lock cylinders in that system are updated with new CRLs when inserting a key which has been updated, and authorisations are typically pretty short-lived (we use 1 day for most stuff - engineers sync up their key via an app in the morning and then they're set - and only 15 minutes for high security things, which is enough to go find signal and get back if you're in an area with spotty 4G). The keys also pull access logs off cylinders whenever they're inserted and sync up to the server next time they're synced with the app.

Dunno if this system works the same way. We went through a few of these sorts of things before settling on the Abloy solution, and most of the stuff we saw was atrocious from an infosec perspective (let alone physical). The Abloy system uses CR2032s in keys, which last a year or two, whereas this seems to do some sort of low-power networking off of mechanical energy harvesting?
