Key Control refers to various methods for making sure that certain keys are only used by authorized people. This is especially important for master key systems with many users. A system of key control includes strategies for keeping track of which keys are carried by which people, as well as strategies to prevent people from giving away copies of the keys to unauthorized users. The former may be as simple as assigning someone the job of keeping an up-to-date list on paper. A more complex system may require signatures and/or a monetary deposit.
Levels
Preventing unauthorized copies typically falls into one of the following five levels.
Level 5 : ordinary unrestricted keys. This level relies on the honor system. Users are instructed not to make copies or loan keys and trusted to comply. This is common for private residences.
Level 4 : unrestricted keys marked "Do Not Duplicate". These keys can theoretically be copied anywhere, but many stores will refuse to copy them. This is a very low-level deterrent which ALOA calls "deceptive because it provides a false sense of security".
Level 2 : patented keys. By definition, patented keys are restricted. They also have the added feature of being protected by patent law. Anyone who sells such a key without permission of the patent holder could face financial penalties.
Level 1 : factory-only patented keys. These keys cannot be cut locally. In addition to the restrictions above, users must send an authorization request to the factory to have additional keys cut and strict records are kept of each key.
It is worth noting that none of these levels can protect against a user who loans a key to someone else and then falsely claims that the key was lost. Additional methods of key control include mechanical or electronic means.
Systems
Mechanical systems use a plastic peg that is attached to the key. This peg is securely locked into a numbered port and can’t be removed without an access peg. When someone authorized wants a key, they insert their personalized access peg into the port next to the key they want to remove. Then they rotate their access peg to the left while pulling out the key they want to remove. Their access peg can’t be removed until they return the key they removed to the same port they took it from and then they rotate their access peg to the right and then pull it out. When they remove their access peg it locks the keys back in the cabinet. If someone wants the key they removed during the time it is gone, they’ll know who has it because their access peg has their name on it. Electronic systems also assign a key to a small device with a microchip that is inserted into a reader inserted into a cabinet. When an authorized user requests and removes a key it records that it was taken and when it was returned. It always lets others know who has the key when others request it. Essentially, it lets management know who took the key, when they took the key, how long they had the key and when they returned the key. There will always be a complete audit trail of every key that was used and anyone who used them.