Security through viral propagation
So what? Hasn't this been attempted before? Card readers on door locks have been used to authenticate and authorize access to facilities. Typically, these readers are hooked onto networks that connect to a server hosting the access control list (ACL) and validation software. So how much of a leap is it to merge cyber and physical security? Besides, this sort of network can be very expensive. An electronic lock, says the Economist, can cost upto $5000, most of it being the cost of network wiring. Wiring up all of the door locks of say, a nuclear power plant or an airport becomes extremely costly, prohibitvely so for installations with smaller budgets. The solution these guys have devised attempts to solve that problem by using the cards themselves as the network.
The access to the ACL is decentralized and the most current copy is available to a small percentage of connected doors. Whenever you swipe a card through one of these connected doors, the access control list is transferred onto your card in encrypted form. As you walk through unconnected doors, the card lets the doors read the level of access. These unconnected doors can overwrite their copy with the newer ACL read from your card. These doors can then pass on the ACL to other cards that pass through. As people keep moving through doors, so does the ACL via viral propagation.
I would think strategic placement of connected doors and a strong encryption of ACLs on cards are key (for lack of a better word) to this security model working effectively. The idea is interesting although with my experience writing (secure and) security software, I must admit I am not totally convinced it is foolproof. This model makes the door locks about as secure as the software systems and networks. Whether the latter were more secure to begin with, is debatable.