electronic access control

Keying Systems Part 2: Restricted vs. Standard Keyways

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Keying Systems Series
Part 1: Importance of Master Key Systems and Restricted Keyways
Part 2: Restricted vs. Standard Keyways (this story)

Restricted and Standard Keyways

In a world of ever-changing physical security, the question consistently is raised: How do I bring more security to my facility through keying?
The answers are contained within knowing the options that are available between Restricted and Standard Keyways.

Restricted vs. Standard Keyways


Restricted key systems operate on a higher level of security vs. a standard key system. And yes, restricted key systems come with a minor increase in cost, but the benefits justify the added cost.

Benefits of using a restricted key system include:

  • An authorization process determines who can get keys and high security lock cylinders made/purchased.
  • They are harder to pick (open).
  • They can’t be duplicated at your local hardware store.

One of the biggest upsides of a restricted keyway solution is that there are checks and balances in place. To get a key made, you must be on the authorized user list. This means that if keys are lost or stolen, the key holder must approach management. You immediately know when a key is lost or stolen. This provides another layer of security to your facility, and lessens the time of exposure.


Standard key systems have their place in security, but they’re easily duplicated at most hardware stores. Users can make as many duplicates as they want without getting authorization. And if keys are lost or stolen, management may never know that there are keys missing until it’s too late. This scenario ultimately compromises the people, property, and possessions of your facility.

Want to know more about restricted key systems?

Physical key security is extremely important for facilities, just as important as commercial access control and intrusion. And physical key security is an important element of a complete access control security solution. If you would like to know more about restricted key systems for your company, please give us a call.

Securing the Bremer County Jail and Police Department

By Gina Stuelke, CEO of Kenton Brothers

Problem: Aging Systems protecting the Bremer County Jail and Police Department

The Bremer County Jail was last renovated in 2003 to house up to 79 inmates in a variety of configurations. Not only does this jail house inmates for Bremer County, but they also have contracts to house prisoners from other counties in the area. They also have a contract for federal prisoners.

Due to the extensive growth in these contracts, Bremer County Jail needed updated high-level security. The previous security systems were becoming obsolete and simply not meeting the increased demands. To enhance capabilities, Sheriff Dan Pickett and his team decided it was time to upgrade. Investing in a new security system would be vital for the success of the entire facility. Correctional officers would be able to utilize smart systems to increase the safety of inmates and improve effectiveness.

Sheriff Pickett worked closely with our engineering team, headed up by Brinton Hallum, to identify specific needs, desires, and expectations for the new systems of both administrative areas and the jail. The primary goal was to increase the capabilities and functionality of their security systems while centralizing administration.

Solution: Implementing Commercial Access Control and Video Surveillance

Bremer’s previous system contained PLCs (Program Logic Controls) that were outdated and couldn’t be upgraded. Our solution consolidated the previous PLC functionality with new integrations that met Bremer’s needs and allows for future expansion. Even better, the way we architected the new solution will be a seamless transition for correctional officers and will provide them a chance to focus on higher level details.

Commercial Access Control

Gallagher LogoThe new solution begins with card access control by Gallagher. This access control system then interfaces with a system of custom programmable logic controllers for general jail control, including lighting and water control. We added card readers on every cell door, every pod entry door, and intake. Users can scan their credential to not only gain access into these areas, but also turn on lights and record guard tour activity throughout the facility increasing the productivity of the facility.

The flexibility of the system assists administrators to meet Federal regulations and improve the safety and reliability of their daily operations while offering adaptability for future security upgrades.

Commercial Video Surveillance

Milestone LogoThe next step was to implement a Milestone commercial video surveillance system with Axis cameras. This specialized system was chosen to provide full prison visibility, while utilizing camera analytics to improve facility awareness and guard effectiveness.


We leveraged Gallagher’s strong integration with Milestone to make the correctional officer’s lives easier through improved administration with specific alerts for various scenarios.

For example, by using motion detection analytics in the Axis cameras, Milestone can be alerted to the presence of an inmate on one side of the door and then notify Gallagher to deny card access through that door without proper level credentials. This gives guards a chance to control and notify the entire facility from a safe distance.

Because all systems operate on this network, the Gallagher access control system can signal the Harding intercoms to alarm various high decibel alerts allowing immediate notice of security threats. This can help alleviate the margin for mistakes and reduce the opportunities for officers to be in harm’s way.

The specialized integration we have designed provides the benefit of less personnel required to manage the system and therefore offers them a way to do their job more efficiently and with greater precision. By allowing smart systems to help with the burden of security, Bremer County can be ensured that their facility will be protected with the utmost accuracy and highest level of performance.

Bremer County: Sheriff Dan Pickett“I can’t say enough good things about Kenton Brothers. They have been great to work with including a few small changes as our project progresses. Brinton has been excellent in everything they have done keeping us informed on what the next step will be. I was concerned at the beginning of our bid taking with other companies doing such a huge project. I would recommend Kenton Brothers for a security upgrade such as cameras and jail controls!!!” – Sheriff Dan Pickett

Precision Livestock Farming: Boehringer Ingelheim ushers in a time of transformational change.

By Gina Stuelke, CEO of Kenton Brothers

Boehringer Ingelheim Animal Health LogoBoehringer Ingelheim Animal Health in St. Joseph, Missouri has partnered with Kenton Brothers to provide state of the art identity and access management and commercial video surveillance technologies to protect their people, property and possessions. Not only does BI see the importance of putting security technology in their buildings… they invest heavily on the power of technology to keep animals healthy and help farmers increase efficiency.

In several pig barns, crews will install high-tech microphones that hint of things to come.

Precision Livestock FarmingThe microphones form a key part of a digital monitoring tool that records the sounds that pigs make 24 hours a day, 7 days a week. It relies on an algorithm to detect changes in swine coughing patterns before most human ears hear them. The system sends an alert to an app on a farmer’s phone or to their computer when it detects signs of respiratory distress.

Early detection of increased coughing in swine lets farmers and veterinarians collect samples and get a diagnosis more quickly, potentially improving the health of sick pigs and limiting the risk of exposure to nearby animals. That could boost a producer’s bottom line in an industry where respiratory and other diseases claim an untold number of pigs and cost hundreds of millions of dollars a year.

This innovation is just one part of a larger Boehringer Ingelheim commitment to take advantage of rapid technological change to offer diagnostic and monitoring solutions that help livestock and pets and the people who own and care for them.

‘It’s all about the data’—the quicker you receive the information, the faster you can treat the problem and have less negative impact on the animal and industry as a whole.

Pet Wearables

Precision Livestock FarmingIn animal health, the spread of new technologies has given rise to smart devices for dogs and cats and precision livestock farming, which holds the potential to optimize operations and improve animal wellbeing. The market for pet wearables alone will reach a few billion dollars in the next few years, analysts have said.

Sensors attached to and located around livestock, coupled with the power of algorithms to detect patterns in reams of data, have the potential to provide actionable items that save time and money.

Missouri Jail Administrators: Hard working, Professional and Committed

Missouri Sheriffs and Jail administrators came together in October. They’re passionate about the securing county detention centers!

Secure Credentials: Access Cards, Biometrics, Multi-Factor and Mobile

By Neal Bellamy, IT Director at Kenton Brothers

A couple of months ago, we talked about higher levels of security and Multi-Factor authentication for your computers and servers. Today, I’d like to bring that discussion back to Commercial Access Control.

Cards and Fobs are the number one method of gaining access to your building.

Card and fobs identify the “cardholder” with a string of bits (ones and zeros). Those bits are broken down to a “Facility Code” and a “Card Number”. The facility code is used to group the cards together or designate that card belongs to a certain building. Additionally, the cards weren’t originally encrypted, meaning that if you had the right technology, you could read any access card.

Even worse, on the common 26-bit access cards, there are only 256 unique facility codes and 65,536 unique card numbers. I’m pretty sure there are more than 256 companies using commercial access control. I don’t want to spend a lot of time talking about old technology… but I implore you: If you’re using true proximity cards (there are a lot of you out there), come talk with us about using an encrypted card that can’t be easily duplicated!

Okay, so if most cards aren’t that secure, how do we make things better?

Step 1: Encrypt the card

Secure CredentialsEncryption for the cards and readers has been around for a while. As an example, HID iClass was introduced in 2002. The general premise is that the card is encrypted with a Public Key Infrastructure or PKI. Then the reader is loaded with the matching key. When the card is presented, the reader decrypts the credential and gives the access control system the unencrypted credential number. This number can still just be the same 26 bits as above, but only a reader with a matching key can read the credential.

Several technologies use encryption as a base layer of protection including HID iClass, Mifare, and FeliCA. There are several variations for each type.

Step 2: Increase the “uniqueness” of the card

Now we have a card that can’t be read by every reader in the world. However, there is still a good chance, with only 26 bits, that the exact sequence of bits exists on another card somewhere. The answer is simple… increase the number of bits. For every bit you add, you increase the possible card numbers by a power of 2. (16 bits = 65,535 possibilities, 17 bits = 131,072.)

The common 37-bit format allows for 65,536 facilities (16 bits) and 524,288 cardholders (19 bits). Although 37-bits allow for more variation in the sequence, there is still a chance of overlap. An even better solution is where your “Facility code” is registered and can never be duplicated.

Several Card manufacturers offer a program where your facility code is guaranteed to be unique. HID corporate 1000 is one such offering, Gallagher does this by default.


Secure CredentialsAnother strategy for creating a unique card is to not use a card at all. Biometrics fall into this category.

The premise is that by providing a “reader” that reads a unique feature of a person and then sends the 1s and 0s to the access control system, the credential can be duplicated when all those things are combined in the right order. Hand scanners, fingerprint readers, vein readers, iris scanners, and facial recognition all fall into this category.

Biometric readers solve or circumvent many of the issues above. No encryption is needed between the credential (the person being read) and the reader because a person can’t be duplicated. The systems can even tell twins apart.

The downside to biometrics has been ease of use. Biometric systems require enrollment to create and store the “credential”. Early adopters also faced a reliability issue where the biometric was not recognized even is it was the right person. This false negative issue has mostly been resolved. With the right biometric system in place, I would argue that it is better than any card based system. It cannot be reasonably duplicated and cannot be lost or shared.

If we decide that we don’t want to use biometrics, we at least have a card that’s encrypted and probably (or guaranteed) unique. However, we still just have one form of authentication. If your card gets lost or stolen, someone has access to your facility until you can get it disabled. That’s where multi-factor authentication comes in.

Step 3: Multi-factor authentication

The multi-factor comes in many flavors. The oldest is “pin and prox” (The prox part can and should be encrypted and unique), where the person presents the credential and then enters a PIN on the reader. Biometrics can also be used as a second form of authentication. The user presents their credential and then presets their biometric. This form of biometric makes biometric even more secure than biometrics alone. Instead of the biometric matching anyone in the database, it has to match the same person that presented the card. Dual factor authentication doesn’t have to be on every door in your facility. It could be used for the exterior doors only, highly sensitive doors only, or any combination.

So far, we haven’t talked about the latest tech in credentials, which is using your phone as a card.

Secure Credentials

Using Your Phone as a Card

Multiple vendors offer a “mobile” Credential, but they all work similarly. An application on your phone receives an encrypted package that identifies who you are. When you present your phone to the reader, it sends the 1s and 0s to the access control. If this sounds exactly like a unique encrypted card… it is.

As an administrator, you can enforce the application to require a second form of authentication (Pin, Fingerprint, Face) in order to send the credential to the reader. Now you have a uniquely encrypted credential with two-factor authentication, without the headache of enrolling users in a biometric database. Mobile credentials aren’t compatible with all systems, and some systems offer easier management of mobile credentials than others. That said, mobile credentials are going to be the next wave of authentication. They provide ease of use and high security in a single package.

Want to know more? Give us a call!