#8 The Digital Access Rule of One
Digital access systems are as diverse as the buildings they secure. However, historically, almost all systems have fallen into three logical categories of architecture:
- Online (Networked): Every door is connected to a central network. Permission changes happen instantly, and the user’s device (card, transponder, phone etc) doesn’t need to “fetch” updates.
- Offline (Standalone): Access rights are stored locally on the lock. Permissions must be changed manually – usually by a technician using a laptop or a specialized master card. The user’s device remains static.
- Data on Card (Virtual Network): The door hardware stays offline, but the user must “recharge” their key or card once or frequently at a central terminal. The card might act as a carrier, moving data from the terminal to the door. Often times, the card only knows their own permission and does uptate other permissions or carry data back from the door.
Each of these categories serves a purpose, but they often come with compromises. Online systems require expensive cabling or complex radio networks. Offline systems are a maintenance headache, requiring manual updates for every user change. Data on Card systems force users to go out of their way to find an update terminal or force system designers to build the system so that an update terminal is always “in the way”, e.g. by defining an outer perimeter.
For years, the industry has accepted this fragmentation. Even within a single provider, you often find a confusing “app graveyard” – different platforms and apps for different locks and use cases.
At KIWI, we have always believed this fragmentation would become obsolete. Driven by the smartphone – which essentially acts as an advanced gateway – the lines between these three rigid architectures are blurring. Following the successful launch of our KIWI Blue product line in November 2024, we are now convinced these categories are about to disappear entirely.
How KIWI Blue Becomes “The One” KIWI Blue doesn’t force you to choose an architecture; rather, it merges all three into one seamless experience that adapts to the situation in real-time:
- It acts Online: If the user’s phone has a data connection when they arrive at the door, the phone functions as a mobile gateway. Permissions are updated instantly with every time a door is opened.
- It acts Offline: For users with physical transponders, KIWI Blue stores data locally at the door. However, unlike traditional offline systems, these permissions are updated automatically in the background every time any smartphone user with the KIWI App opens the door (or rather only interacts with the door in the broadest sense). No technician is required.
- It acts as Data on Card: If a user opens a door in a basement or a signal dead zone, the phone carries the necessary authorization to the lock and “reports back” the logs to the cloud as soon as it regains a connection.
The future of digital access is One. One digital access architecture. One app for every use case. One portal for every application. (and yes, there will obviously be pure card-only use cases for the foreseeable future and we are happy to discuss if hybrid is the more correct terminology than “one”)
Digital Access System Architecture
| Architecture | Action at the Door (Hardware) | Action on the User Device (Card/Fob/Phone) | Responsibility |
| Online | None (Updates sent via network/radio). | None (Updated instantly over the air). | System Admin (Remote) |
| Offline | High (Must physically visit the door with a laptop/master card). | None (Rights are stored in the lock). | Trained Professional (On-site) |
| Data on Card | None (Lock learns from the card).* | Medium (User must visit a “Wall Reader” or terminal). | End User (Manual step) |
| One (aka KIWI Blue) | Rarely (Updates via the smartphone gateway). ** | None (Background sync via the App). | Shared |
* For some systems, lost or stolen cards need to be explicitly blacklisted
** for doors with very limited App usage, a manual update might be needed depending on use case