Smart Access Control: Beyond the RFID Card with Nuvlock
Nuvlock: biometric + NFC + WiFi 6 access control — enterprise security in premium glass and aluminium
The classic hotel RFID card is 1990s technology still in production because it works. But “works” is not enough when your guests are paying €5,000 a night. Nuvlock is what access control looks like when you start from scratch with modern IoT hardware.
Multi-Protocol Authentication
- Biometric — Fingerprint reader, 0.3s response. Enrolled at check-in, deleted at checkout. No data leaves the device.
- NFC — ISO 14443 and ISO 15693. Works with existing hotel keycards, Apple Pay, Google Pay.
- Mobile app — BLE proximity unlock: phone in pocket, door unlocks as guest approaches.
- PIN pad — Backlit touchscreen for service staff and override scenarios.
{
"deviceId": "nuvlock-room-412",
"event": "ACCESS_GRANTED",
"method": "biometric",
"guestId": "GS-4892",
"timestamp": "2026-03-05T08:22:14Z",
"batteryPercent": 74
}
Integration with Guest Journey Systems
Nuvlock integrates with hotel PMS and superyacht charter management systems to automate the access lifecycle. When a guest checks in via the property management system, their biometric template is automatically scheduled for enrolment at their assigned cabin’s Nuvlock device. When checkout is confirmed in the PMS, all biometric data for that guest is automatically deleted from every Nuvlock device they had access to — no manual process, no risk of templates persisting after departure.
For superyacht charter, the workflow integrates with crew management: the captain grants zone-specific access (certain deck areas, tender garage, wine cellar) to specific guests, and Nuvlock enforces those permissions at every door. Access logs are automatically included in the voyage report alongside navigation and engine data from YIS.
Failsafe and Emergency Access
Every access control system must have a failsafe for power loss, network outage, and device failure. Nuvlock stores access credentials locally in encrypted flash — it operates fully offline, without cloud connectivity, indefinitely. The device has a 4-hour battery backup behind the main power supply. In a total power failure, the emergency override uses a physical NFC master key held by the head of security — a credential that is physically controlled, not software-managed.
Fire and emergency systems integrate via a dry-contact input: when the fire alarm panel activates, all Nuvlock devices receive a hardwired signal to release (fail-safe) all doors in the affected zone. This wired integration is independent of software and network — it works even if the entire IoT system is offline.
Audit Trail and Compliance
Every access event — granted, denied, or bypassed — is logged with device ID, credential type, credential identifier, and timestamp. Logs are stored locally on the device and synchronised to the cloud when connectivity is available. The audit trail is immutable and cryptographically signed — each log entry includes a chain hash linking it to the previous entry, making tampering detectable.
For GDPR compliance, all biometric identifiers in logs are pseudonymous — the log records a biometric template hash, not the template itself. The mapping between hash and guest identity exists only in the PMS, not in the Nuvlock system. This architecture satisfies both the audit requirement (who accessed what, when) and the data minimisation principle (no more biometric data than necessary is processed).
Building an IoT product?
FSS is a full-stack IoT engineering team — hardware, firmware, cloud, and mobile in one place.