Are Bluetooth Locks Safe for Your Hotel?
Jan 23, 2019 12:40:00 PM
Hotel guests want to feel secure throughout their stay. And hoteliers strive to provide this sense of security, especially when it comes to ensuring guest rooms have the safest locks available.
In the 1980s, hotels started offering magstripe door locks and keycards. Then came RFID locks and keys. Today, a growing number of hotels are installing Bluetooth Low Energy (BLE) locks in order to offer guests the benefits of mobile key.
Despite the increased adoption of this new lock technology, some hoteliers are still unsure of how secure BLE locks are. As we’ll detail below, an encrypted mobile key solution that uses BLE locks represents the safest form of guestroom access available in hotels today.
Secure and Validated Data
Mobile key is an innovative solution that uses different technologies to make it the most secure hotel key in the market. HTTPS is a critical part of that solution by providing secure and confidential data across the entire process through encryption. If standard HTTP is like a busy freeway open to all users, then HTTPS is the secured tollroad that only allows specific data and users access.
With OpenKey, the creation and delivery of a mobile key occur over encrypted HTTPS-secured servers to ensure absolute data integrity. When the key is issued to the guest, it’s actually an encrypted ‘token’ that resides on their smartphone after delivery by those HTTPS-secured cloud servers. This means the resulting room key only works for one phone and one lock. The actual mobile device itself then validates that the mobile key is, in fact, the encrypted “token” assigned to its corresponding BLE door lock.
As the guest touches the lock with their smartphone, the dormant Bluetooth function in the lock wakes up and searches for a Bluetooth-equipped device to pair with and finds the OpenKey app on the guests’ phone. When the guest presses the key icon on their smartphone, it prompts the device to pair with the lock through the OpenKey app to unlock the door using the encrypted token through a BLE signal. This only occurs once the guest tells the OpenKey app to pair and unlock the mechanism, and only after the BLE signal between the app and lock is validated.
From the creation and delivery of the mobile key to unlocking the door by BLE, the entire OpenKey solution is encrypted, authenticated, and secured every step of the way. Also, consider the added layer of security from 72% of smartphones owners already using a password, passcode, or pattern to unlock their smartphone. The face or fingerprint recognition used in many mobile devices further strengthens this formidable level of additional security.
New technologies often carry misconceptions as users familiarize themselves with them. That notion holds true for mobile key and BLE locks as they continue to grow in popularity within our industry. Below, we’ve dispelled some of the most common misconceptions regarding these new technologies.
Digital keys work in a completely different way than RFID or magstripe keycards. Those older solutions use a single signal to unlock the door, even when multiple keys are in use. Mobile keys do not share those possible security flaws due to the previously discussed HTTPS, BLE, and mobile device technologies. Mobile keys avoid such security issues by using key changes and the following unique characteristics:
- The mobile key generated is specific to that mobile device, door lock, and a period of time (designated by the hotel)
- Any change in the above elements means a new key must be issued to make the mobile key app open the BLE lock again
- Even guests staying in the same room will have entirely different mobile keys for the door lock
- Every key is unique, never repeated, and authorized to a single device
Another common misconception involves BLE and the perceived risk of a mobile device broadcasting out its BLE signal (and the risk of a bad actor intercepting that signal). The OpenKey app only transmits the encrypted token for door entry upon request from the BLE guestroom lock – which in turn only searches for a Bluetooth device upon being “woken up” by contact with the smartphone. This token exchange occurs between the mobile device and lock within a space and time so small that interception has never occurred. By comparison, RFID keycards containing room access permission can be maliciously copied with an RFID skimmer, allowing someone to copy the keycard for unauthorized use.
The interaction between the mobile device and the OpenKey app by BLE is what distinguishes its security from RFID cards. As mentioned, the guest prompts the app to broadcast for any attempted BLE pairing to occur, and only after the BLE signal is authenticated between the mobile device and the lock. Once this secure pairing occurs, the device must still have the unique encrypted mobile key to unlock the door.
The Safest Guestroom Access Solution
OpenKey uses sophisticated and interconnecting technologies to deliver the safest hotel lock experience in the hotel industry. HTTPS, BLE, and the mobile devices themselves work in unison to provide hoteliers and guests a door access solution that is both secure and convenient. In fact, this digital lock technology is so secure, it mirrors security measures used in financial institutions and the healthcare industry for HIPPA compliance.