scary new lock design

[sevedus]

Welcome back Greyman!
The rotation of the cam is induced and maintained by striking the permutations with the pins in the correct sequence and at the correct intervals of timing. The rotational acceleration is limited by the cam mass and the force of the rewind springs (which have the effect of simulating additional mass) and the force with which the pins strike the permutations. The maximum rotational velocity is additionally limited by mechanical friction and aerodynamic drag. The insertion speed of the key then becomes a factor. Even the key that is made specifically for that lock will fail to open it if it is inserted too slowly.

The objective is to defeat the methods that “mh” discusses, of decoding the functional permutations by direct measurement of the pin displacements while the cam is static, by requiring that the sequential displacements of the pins occur within a dynamic interval. You’ll note that the cam is populated with decoy permutations at all non-functional positions in the rotational portion, also in aid of defeating such decoding by providing all pins with identical “pre-travel” to permutation contact and identical resistance loads when they make contact with either functional or decoy permutations. I believe mh is correct when he suggests that he might decode by testing each position in each rank on a rank-by-rank basis by listening to the cam rewinding when the “next rank’s” pin position is incorrect. Our response to this technique will be to intentionally generate a lot of noise (with little friction) when the cam rotates under any circumstance, and to continue to generate noise for an interval after any rotation ceases.

The stated goal of our business plan is that we should provide “near vault-quality, mechanical access control at a price that most people can afford”. So I can accept the proposition that some technicians will be capable of constructing a microphone equipped device to manipulate the pins and perhaps use a Fourier transform analyzer to distinguish the rewind noise from that generated by functional forward motion.

Our site now shows an animation of the previous (non-velocity components) operation. The archival animations show the design evolutions from the proof of concept through the current (but one last) design. The “current design” animation does not reflect the velocity function, but rather reveals the means by which we connect the outer components, (key, cylinder, cam, drive pawl) with the tang driver, which operates the bolt(s). This design allows the cylinder to “free-wheel” until full insertion of the key. Full key insertion produces first the rotational motion and then the axial motion of the cam which releases the spring-loaded drive pawl into the slot in the tang driver. Rotation of the cylinder only then drives the bolt(s). This is what I was trying to show in the most recently posted images.

These most recent posts reflect the design (other than the velocity function) which we intend to take into production. The design evolution has been a series of trade-offs amongst mechanical and statistical strength, package size, and our comfort level with the manufacturing process required. The images posted here and on our site speak only to the deadbolt form. Additional designs employ identical keyway, cam, pin-cage, and pawl components in a pad-lock configuration (which we are not yet ready to publish), with the intent of offering an extremely robust padlock keyed the same as the deadbolts.

I hope this clarifies things and I thank you again for any remarks on either NDE or brute force vulnerabilities. The design evolution has been driven largely by the feedback we’ve received (here and elsewhere) since public presentation of the proof of concept model and patent.

Stephen (sevedus) Maples

[mh]

Yes, I think the animation on your web page http://www.acersequencelocks.com/CamKey.html gives a nice view of the last-but-one concept (the one that didn't require a certain speed of key insertion)

Cheers
mh

[Itzal]

I might be missing something, but even considering the limit on the speed of the rotation, there has to be some variance in the speed of the rotation based on the speed the key is inserted, no?

This would mean that if the key was inserted too slow, when the next pin attempts to contact the permutation, it's not there yet, and the cam rewinds, correct? This seems to be what you're suggesting when you said there was a minimum insertion speed. Would this not also lend itself to inserting the key too fast? Then the cam would spin faster, and the next permutation would have already gone past some, or all, of the way, so when the pin attempts to contact the permutation, it does nothing, and the cam stops spinning, or only contacts with a portion of the force, not enough to line up the next permutation.

Additionally, depending on the limiting factors like friction etc, if you know the very first pin in the sequence, you might be able to impact this hard enough to spin the cam past all the permutations, and unlock the lock. Basically, a kind of bump attack.

[sevedus]

Hello Iztal, welcome to our little design project.

You have captured the essence of the design quite well. The trick, as I see it, will be to apply constant drag, in the form of rotary spring bias, sufficient to prevent the cam from over-speeding until the bumping attack occurs. We’d like the acceptable key insertion speed to be as wide as possible, above a low minimum. It only needs to be above zero velocity to work. Keep in mind that decoding by mechanical measurements requires zero velocity, and we only need to get a range of speeds above zero that are easy to produce during hand insertion. I’ll be happy if we can dial it in to something in the 1-4 inches/second range.

Even if enough energy could be transferred into the cam (against the biasing spring’s resistance) by the violent displacement if the initial pin in the sequence, so as to cause full rotation of the cam, that attack (alone) would still fail because the drive pawl does not release until the cam also traverses axially. The first pins in the sequence drive the cam in rotation, the last pins drive the cam axially. In order to unseat the drive pawl you’d need to deliver some very specific, vectored, impulses, in a very specific timed sequence. This would be exceedingly difficult on the deadbolt form because there’s no place to deliver the force vectors required.
You might get some traction with that idea on the padlock form, which I’m posting directly. At least with that form you could swing the hammers in the correct attitudes to vector the impulses. Of course when you drive the cam sideways so that the pawl slips out from under the trapping ledge, the permutations for rotation are out of position with respect to the pins and the rotation cannot be obtained by displacing pins until the cam returns to the axial “home position” (pawl-under-ledge). So in order to “bump” open “the bomb” you’d need to: guess which pin is first in the sequence; hammer that pin hard enough to get all 115 degrees of rotation, (where 16.4 degrees rotation would be standard for one pin’s displacement); catch it at the top of the rotation by displacing the pin that is eighth in the sequence, and; then guess the remaining five sequence positions. The pins can only be displaced enough to engage the permutations. They cannot touch and lock the cam body.

So Itzal, do you think you could “bump” open the padlock form? Or decode the cam on either the deadbolt or padlock form? Thanks for the interest and excellent remarks. I appreciate the feedback and input.
Stephen (sevedus) Maples

[sevedus]

Well, we’re still awaiting our proof piece of the velocity cam , but design progress marches on.

I mentioned earlier that we’re going to field a padlock which is key-matched to the deadbolt. In order to do this we must use identical keyway/pin/cam components and geometry. The keyway is oriented axially in the padlock cylinder rather than radially as in the deadbolt, (in the deadbolt we increased the cylinder diameter and ran the keyway radially so as to have a shallow depth front-to-back. Like the deadbolt cylinder the padlock cylinder is retained in the lock body by a fully populated ball race and retainer rings. The cylinder can free-wheel without any effect until the key is inserted.

The drive pawl in the padlock is held trapped by a spring so that it remains beneath a ledge during the cam’s rotation. When rotation finishes and the cam traverses the pawl rotates into the slot in the collet jaw spreader, displacing a ball which unseats a latch pin, releasing the spreader for rotation. Rotation of the key and cylinder now produces rotation of the spreader, being coupled through the drive pawl, and released from the detent ring. As the spreader rotates (total rotation is thirty degrees to unlock), three top-mounted pins engage with cam-slots on the underside of the collet jaws. The jaws are driven straight away on a radial path, being guided by a key in the top of the collet which runs along a radial slot in the lock body.
The bolt can now be either inserted or removed…but neither can be done without the key inserted and rotated, because both the spreader and the collet jaws are spring biased to the locked position. The jaws are biased straight in towards center and the spreader has rotary bias to the locked position, where the spreader and detent ring are pin-locked together (if the drive pawl is not holding the ball stack up).

PadlockSection1.JPG

The design is not the most handy and convenient. It takes two hands to open it and you must have the key in the lock body to insert the bolt. On the other hand, we do not believe that an attack based on either specific impulses or vibrations can succeed in releasing the bolt. It requires 7000 lbs of tensile force to remove the bolt when locked to the body, and I’d love to see the face on the guy who loads up a fresh hacksaw blade and attacks the bolt. That sleeve is very hard and very tough and if he ever does get a bite on it with his saw, it’s going to spin on him. This will hopefully make busting the lock such a public event as to deter the creeps by requiring too much sound, heat, and light to do the damage surreptitiously.

Anybody see any problems other than the convenience issue? I’m inclined to accept the inconvenience in favor of the strength against brute force destructive attack. I want the bad guys to recognize the distinctive “Bomb” shape and just move on to another target. I wonder if that’s what we should call it? Unless we missed something important then this lock is The Bomb.

Thanks for the interest and feedback.
Stephen (sevedus) Maples

[sean_1971]

I found this link to their patent PDF if anyone is interested.
http://acersequencelocks.com/Sequence%20lock%20patent.pdf

[sevedus]

Hello Pickers!
Would someone please make comments on how we should go about doing training on the re-keying (re-camming) of these locks? The new keys will come with the new cam, but removing the old cam and replacing it will require a full teardown of the lock. All the retaining balls and rings will need to be released to remove the cylinder body. The cam/pawl assembly must be broken down to remove the cam. New cams will be supplied as a built up sub-assembly of bearings/seals/springs/balls/snap-ring/assembly-spreader, reusing only the supporting shaft, which was already removed from the prior assembly during teardown. We thought to supply the cams this way because they're quite small and we'd be proving the same sub-assembly "kit" we'll have in inventory for in house builds of either dead-bolts or padlocks (same sub-assy for either).
We'd discussed offering face to face locksmithing seminars, with hands on teardown and rebuild workshops. Video demos would also make sense to me. I'm also unsure whether there's any point in trying limit the distribution of video training services. As others have noted on this site, there is a lot of unauthorised distribution of information on the internet, it would be only a matter of time (probably short) before they came out in the open. More taxing a concern is, how are we to determine which locksmiths are safe enough to ship re-key/cam kits to? We'll want locksmiths, as distributors, to either stock or order as needed the re-key/cam kits. How in the world are we supposed to "vet" them? It seems to me we've got to at least try to confirm someones business practices and ethics before doing a distribution agreement. Any thoughts please?
Thanks for helping.
Stephen (sevedus) Maples

[LocksmithArmy]

seminars are a good idea but how do u propose we take care of lockout situations(no i ddnt read the hole 14 pages of this topic, sorry)... you cant say there screwed and if the locksmiths can get thru so can the burgalers...

just askin

[sevedus]

Hello LocksmithArmy

You've gone straight to a core issue, for which I thank you. Our mission statement reads, in part, "to supply near-vault-quality door hardware at prices that most people can afford." If you install a lock which is truly "pick-proof" and "bump-proof", logic suggests that, by definition, there are only a couple of "fall-back" positions, one of which is breaking and entering. If the premises is also equipped with an alarm system, this "authorized" B & E will likely produce a police response. So notification of the police prior to the alarm/event might be prudent. This is a case where the identity of the person requesting access must be verified beyond any question, as must that persons authority to request the B&E. In this case my suggestion would be a short ladder and a glass cutter, because replacing glass is (relatively) cheap, quick, and easy. Please note that this is probably what will happen when the bad-guys reach the same conclusion about the door hardware and still decide to enter. This is exactly the result we desired, e.g., they move away from the door.
The fall-back position that we prefer and which we will recommend is the very common practice of having a spare key in the possession of someone who will always have access to it. It will be our recommendation at the sales point, that each owner of these locks find a locksmith that they are willing to trust to: do the installation in a professional manner using best practices and; place a duplicate key in that locksmiths key-vault. Comes the lockout, they call the locksmith who brings the spare key. Most people leave the spare key with a friend or neighbor or (badly) hidden somewhere outside. They can't have it both ways. Install a truly pick-proof lock and the entry options drop to either KEY or B&E. Which is our whole point.
On-the-spot key duplication is another possible fall-back position. It is one with which I'm particularly uncomfortable. In my latest post above I asked about how to "vet" locksmiths for training purposes. Same question in this case. For our own personal safety, we will not maintain a registry of what key code was used for which lock order. Only the end user will possess the key code. If the end user wishes to have additional keys or wishes to have additional locks (either padlocks or deadbolts) keyed alike, they will need to send us the code card that was sent with the hardware. Without that information we will be unable to duplicate either a key or lock. The practice of providing hardware with "factory only" key duplication is a fundamental of true security because it limits access to keys in a way nothing else can provide. We will suggest to the purchaser that the code card be placed in a secured location, such as a safety deposit box (not handy but secure) or similar storage, rather than carrying it in wallet or purse, where it might become a robbery loss.
I guess that I'm saying the exact thing that you said, LocksmithArmy, only I'm describing it as the real reason why they bought our lock in the first place, rather than a shortcoming. Absent the key(s) they are screwed because neither the locksmiths nor the burglars can "get through". I'd call that perfection for the intention! Key or B&E.
In another thread someone talked about doing re-keying service via internet/mail. It is possible that the code card image could be faxed to our facility and the print-out of the card inserted in our equipment for key duplication, but that's a bit like lifting a fingerprint and placing the print on the biometric scanner, makes me uncomfortable. Should we provide selected locksmiths with the decryption means for converting the bar-code on the code card into the bit pattern for the key? Or perhaps do the decryption in our facility: they fax the code; we decrypt to recover the bit pattern; fax the locksmith the bit pattern. If we do that, the locksmith could produce a key by installing the standard bits in a service blank (key blank with all bit positions pre-drilled). In the field they would have to forgo the laser-welding of the bits into the blank, which would render it of limited durability. They might employ a high strength adhesive or better yet brazing, to secure the bit lands permanently. We’d prefer to have authorized service providers for these situations, to whom we could provide the service blanks and bit lands, authorization codes, etc. so that on-the-spot re-keying is possible. In fact we see that as the only practical non-destructive option for lock-outs.
All of this leads us back, after a lap around Robin Hood’s Barn, to the request for comments which I posted yesterday: how can we possibly make secure the use of “authorized service providers”? In my mind this is the weak link in the security chain. If the bad guys get their hands on the code card and apply coercion to the locksmith, who then sends an authenticated service request for bit patterns, the only protection I can imagine would be to have two authentication codes for the locksmith to use. A standard authentication code could be provided to the locksmith for legitimate lock-out service, and a second authentication code, the use of which will indicate that the request is being made under duress. We‘d provide the bit pattern in either case but when the “duress” authentication was received, we’d also notify whichever law enforcement agency that locksmith had registered with us as his principal armed responder. In the U.S.A. we would probably assume that “duress”= “kidnapping” and/or “extortion”, and also notify the FBI.
If the above scenario seems hyperbolic or fanciful, please remember that the prisons are full of people who acknowledge no rules of conduct whatsoever. If the stakes are high enough, the bad guys will do very bad things, and we ignore this truth at our own peril.
LocksmithArmy, if these suggestions are not the solution you were hoping for, I’m sorry. Our goal is to provide the highest possible level of FUNCTIONAL security at an affordable price. If you can pick it or bypass it, so can the bad guys. If neither of you can do so, then we did our job properly. Please tell me how you would propose that we should qualify service providers for the lockout event.

Thanks also for bringing this issue right to the front. Readers, please give me advice on this.
Stephen (sevedus) Maples

[LocksmithArmy]

how many maser key systems are alloted with this lock

this may seem shady but...

if the locksmith installed all his locks under 1 TMK it could leave some room for master keyingat each site but would also give him the ability to have 1 lockout key... 1 kay that the kicksmith would have to be responsible for and only the locksmith and your company could know of this arrangment not even the end usercause they could tell some1 and burgalers come after the locksmith as above stated...

as for lockouts. due to the high security of this lock the locksmith would just make suer the owner was standing far away during the opening process.

just 1 idea.

[mh]

this may seem shady

indeed.

Cheers
mh

[sevedus]

Thanks to both LsA and mh for those comments.

The lock design will permit seven levels of mastering, each capable of 3000+ members in each set or subset. This would take the highest level of access to what, a (Great x5) Grand Master Key? It has been often suggested to me that such a "factory-over-ride" be employed, for just the purpose that LsA mentioned. Like mh, I believe that this would simply render the whole design, process, and concept incompetent for it's stated purpose. So, I'm very sorry to cause problems with the lockout scenerio, but I'm afraid we must either hold out for the position of "KEY or B&E" or come up with some secure means of providing lockout service only through approved and qualified vendors, who will be able to produce a key on the spot, only with the co-operation of our key-code encrypt/decryption scheme.

I am willing to consider any recomendations on how we might best accomplish this, and will be very greatful for any input on this matter.
Stephen (sevedus) Maples

[LocksmithArmy]

best guess...

so youve got a vendor... hes already taken what ever qualifications you make him so he can sell your lock... now ether he can apply to be able to make these keys on the spot or you choose them based on sales(if they have a ton of locks in the area theymay want to be able to do this) then they take another test on equipment and security and whatnot... a hard 1... then you scare the crap out of em. telling em all the bad things that could happen if they do the wrong thing with the info and equipment. you make sure they have a secure place for this equipment that only the applicant and not the other employees can get too. yes i think the dual coded system you proposed is a good idea.

also they should only make keys for owners of broke keys not for lockout purposes.

make em sign a crazy contract... you go to jail for 1,000 years and roaches will eat your family alive and youll die immediatly upon misuse of this knowledge(exageration)

and hope and prey that you wont be let down... many other lock making companies have great key controll... empliment some of the same procedures

if you need to find out the procedures and the company wont tell you(they shouldnt) you can just try and get a key. c how hard it is for the end user then it should let you know how many steps should be in your process

[sevedus]

Hello there...Life just gets more interesting!

First of all the work on the proof-piece of the velocity cam is progressing well. I'm building one at 6 times scale as a matter of convenience. (Too difficult to get true scale as a one-off right now.) Clay will be posting the animation of this design on our site soon. As soon as the scale model is complete we'll put up a VIDEO of it on the site.

Second info is maybe too off-topic for this thread but if so I'm sure moderator will so advise. We're shopping our business plan looking for financing and published an executive summary on an investors-finding web-site... WHOA!! did the scam artists ever come piling out of the woodwork? I think I'm being treated to some interesting variations of the Liberian (or was it Libian) Banks Scam, which are being pitched as near-eastern and middle-eastern financial and investment companies. The inital blip on the radar screen was the (gmail.com) return address of the senders and the kicker was that the company names are Valid Investment and Financial Managment companies, the names of the officers purporting to communicate are real people, but in one case there was a single transposition of letters in the Arabian name of the corporate email address that was given. So now I'm looking for financing as well as having to subject the respondants to scrutiny to authenticate the communications. Possible identity thefts going on in these cases. I guess what I'm reporting is that there a LOT OF BAD GUYS who DON'T EVEN USE THE DOOR.
SHEEECSH!!

I'll post notice when the video goes up.

LsA, thanks for the thoughts on locksmith vetting.

s(sevedus)m

[sevedus]

Hello

Clay just posted the animation of the components that are shared and common to both the padlock and the deadbolt design. The two-view synchronized animation shows how the key/pin/permutations work together and how the pawl is held back until the traverse of the cam drags the pawl away from the ledge, releasing it to engage either the collet jaw spreader of the padlock or the drive tang of the deadbolt. It's a pretty good visual.
Stephen (sevedus) Maples