Key control

Key Control refers to various methods for making sure that certain keys are only used by authorized people. This is especially important for master key systems with lots of users.[1]

A good system of key control needs to address two questions: #1 How will you keep track of who has what keys? #2 How will you prevent people from giving away copies of the keys? The response to the first question may be as simple as assigning someone the job of keeping an up-to-date list on paper. A more complex system may require signatures and/or a monetary deposit. The response to the second question typically falls into one of the following five levels.

Level 5 (lowest): ordinary unrestricted keys. This level relies on the honor system. You instruct the users not to make copies or loan keys and you trust them to comply. This is common for private residences.

Level 4 (low): unrestricted keys marked "Do Not Duplicate". These keys can theoretically be copied anywhere, but many stores will refuse to copy them. This is a very low-level deterrent which ALOA calls "deceptive because it provides a false sense of security".[2]

Level 3 (medium): restricted keys. These keys are not generally available at retail outlets and often can only be obtained through a single source. The supplier has their own rules in place to prevent unauthorized duplication.

Level 2 (high): patented keys. By definition, patented keys are restricted. They also have the added feature of being protected by patent law. In the USA, the fine for violating a utility patent is $10,000.

Level 1 (highest): factory-only patented keys. These keys cannot be cut locally. The user must send an authorization request to the factory to have additional keys cut and strict records are kept of each key. The $10,000 fine also applies.

It is worth noting that none of these levels can protect against a user who loans a [3]key to someone else and then lies by saying that the key was "lost".

References