These days the locks are online so that you can block a lost keycard from the front desk. Previously you had to open the lock with a newer keycard than the lost one to make the lost one inoperable. That works kinda fine in a small hotel but not when you have 48000 rooms with millionaires in them.
Fwiw you could probably build this in a way that it continues to operate without internet. This creates a new attack vector (disable the internet and you can't revoke access) but that's probably acceptable given the physical attacks possible.
Each key gets a revision number. When the first set of keys are created, they get revision number 0. The lock records a high water mark of the revision numbers it has seen. Only keys matching the water mark get to unlock the door.
When you want to revoke a key, you re-issue a new set with a higher revision number. When the guest checks out, you issue the next revision number to the next guest, effectively disabling the previous set.
You do all this as a fallback when the network fails. This way, you can still disable keys in real-time when people check out of their room.
Does this use something like asymmetric keys so the door can verify a key came from the issuing system or is there still some online/network portion?
Assuming it does use asymmetric keys to prevent someone from creating counterfeit access cards, there would still be a window (if the network is unavailable) where the old key would continue to work until a new key is scanned the first time on the door lock?
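An added sketch of the high-water-mark scheme and the offline window asked about above; it is not code from any poster or lock vendor. Assumed for illustration: the `Card` layout, the `OfflineLock` class, and HMAC-SHA256 with a per-lock secret standing in for an asymmetric signature.

```python
import hashlib
import hmac
from typing import NamedTuple


class Card(NamedTuple):
    room: str
    revision: int
    tag: bytes  # authenticator computed by the issuing system


def _tag(secret: bytes, room: str, revision: int) -> bytes:
    # Assumption: HMAC-SHA256 with a per-lock secret stands in for the
    # asymmetric signature asked about in the thread.
    msg = f"{room}|{revision}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


def issue(secret: bytes, room: str, revision: int) -> Card:
    return Card(room, revision, _tag(secret, room, revision))


class OfflineLock:
    def __init__(self, secret: bytes, room: str):
        self._secret = secret
        self.room = room
        self.high_water = 0  # highest authenticated revision seen so far

    def present(self, card: Card) -> bool:
        expected = _tag(self._secret, card.room, card.revision)
        # Authenticate before touching state: an unauthenticated card must
        # never move the mark, or it could lock out every real key.
        if card.room != self.room or not hmac.compare_digest(expected, card.tag):
            return False
        if card.revision > self.high_water:
            self.high_water = card.revision  # first scan revokes older sets
        return card.revision == self.high_water


def demo() -> list:
    secret = b"constructed-demo-secret"  # constructed sample value
    lock = OfflineLock(secret, "101")
    old, new = issue(secret, "101", 0), issue(secret, "101", 1)
    forged = Card("101", 99, b"\x00" * 32)  # constructed card with a bad tag
    # The third scan is the offline window: revision 1 has been issued,
    # but the lock has not seen it yet, so revision 0 still opens the door.
    return [lock.present(c) for c in (old, forged, old, new, old)]
```

The third result in `demo()` is the gap the question describes: with no network, the old card keeps working until the replacement is first presented at the door.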
Currently at a reasonably-priced hotel in the boonies. Extended my stay the other day and they had to re-issue the keys. The keys must be aware of the reservation period, and the locks must be aware of the current wall-clock time. Finding a way to tamper with the RTC in the lock could blow up the whole system. Or, you know, a crowbar.
I'd imagine the locks in most hotels don't require an internet connection. Frankly I'd be horrified if my hotel room's locks depended on this horrendous WiFi.