Physical Access Building Access

Authorize people.
Not tokens.

Your employees already have a government-issued digital identity. Use it for building access — and eliminate per-user credential costs entirely. No rip-and-replace. No new tokens. No per-user fees.

$0 Per-user credential fees
0 Panels replaced
< 150ms Authorization time

Plastic is insecure. Mobile credentials are expensive.

The industry is stuck between two broken options. KeyShare introduces a third: use the credential your employees already carry — their verified digital identity.

Plastic Cards & Fobs
  • Lost, shared, cloned daily
  • 15–25% annual replacement rate
  • No identity binding
  • Deactivated cards still in the wild

Mobile Credentials
  • $4–$17 per user, per year
  • $170K/year for 10,000 users
  • Vendor lock-in per platform
  • Still a transferable token

KeyShare Identity Access
  • $0 per-user credential cost
  • Uses government-issued digital ID
  • Runs on existing Mercury panels
  • Can't be shared or cloned

How It Works

Enroll. Tap. Access.

The KeyShare Panel Application runs on your Mercury controllers. No cloud round-trip for door openings. No PACS changes.

1. Enroll

Admin enrolls employee via KeyShare Connect or by verifying a physical ID. A site-specific UUID is generated and pushed to the panel manifest.

2. Tap

Employee taps phone at a KeyShare Ready reader. Reader authenticates the digital ID via ISO 18013-5.

3. Authorize

Panel Application derives the UUID and validates against the cached manifest. Sub-150ms on-premise authorization. Standard credential number passed to PACS.

4. Access

PACS grants or denies access using its existing rules. Door opens. The PACS didn't change. The rules didn't change. The credential did.

Why This Is Different

Identity vs. token-based access.

| | Plastic / Mobile Credential | KeyShare Identity Access |
|---|---|---|
| What you authorize | A token (card, fob, app credential) | A verified person |
| Per-user cost | $4–$17/user/year (mobile) or replacement costs (plastic) | $0 — site-based subscription |
| Shareable | Yes — cards are shared constantly | No — identity is non-transferable |
| Infrastructure change | New app, new vendor, potential panel swap | Software add-on to existing Mercury panels |
| Cloud dependency | Many require cloud for every door opening | Zero — on-premise panel decisions |
| Authorization speed | Varies — cloud latency dependent | Sub-150ms on-premise |

Benefits

What identity-based access unlocks.

Eliminate Credential Costs

No per-user fees. No replacement card costs. No vendor-issued tokens. Employees use the digital identity they already carry. Site-based subscription pricing.

Non-Transferable Access

A verified digital identity can't be shared, cloned, or lent to a colleague. You authorize the person, not a token that could be in anyone's pocket.

No Rip-and-Replace

The Panel Application runs on your existing Mercury controllers. Your PACS sees a standard credential number. No API changes, no middleware, no migration.

Zero Cloud Dependency

Access decisions happen on-premise on the Mercury panel. A cached, cryptographically signed manifest means doors keep opening even if the cloud is unreachable.

Sub-150ms Authorization

Panel-level authentication. No cloud round-trip. The door opens before the employee lifts their phone from the reader.

Hybrid Transition

Employees with mDLs use identity-based access immediately. Everyone else keeps their existing cards. No switch-over day. Both populations managed from one console.

Technical Details

Your infrastructure. Our intelligence layer.

  • Intelligence lives on the panel, not the cloud or reader
  • Reader authenticates digital ID via ISO 18013-5
  • Panel derives a site-specific, non-reversible UUID
  • UUID validated against cryptographically signed manifest

  • Panels: Mercury Security LP and MP controller series
  • PACS: LenelS2, Genetec, Acre, RS2, Access It (via Mercury)
  • Protocol: OSDP v2.2 over RS-485
  • Output: Standard credential number — PACS sees a normal card read

  • FIPS 140-2 validated cryptography (wolfSSL)
  • No PII stored at readers — selective disclosure per ISO 18013-5
  • Non-reversible UUID binding — no PII on panels
  • Aligns with ITAR, HIPAA physical access, SOX controls

  • Enroll via KeyShare Connect or by verifying physical ID
  • Site-specific UUID generated and pushed to panel manifest
  • Revoke in PACS or KeyShare Connect — UUID removed at next sync
  • Forced manifest sync available for immediate revocation
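
A minimal sketch of the panel-side check listed above, added here as an illustration and not KeyShare's code. The page does not say how the UUID is derived or how the manifest is signed, so the HMAC-SHA256 derivation, the HMAC standing in for the manifest signature, the staleness limit, and every key, name and value below are assumptions.

```python
import hashlib
import hmac
import json
import uuid

# Constructed values. A real deployment would verify an asymmetric signature
# on the manifest; HMAC stands in here so the sketch runs on the stdlib alone.
SITE_KEY = b"constructed-site-A-secret"
MANIFEST_KEY = b"constructed-manifest-key"
MAX_MANIFEST_AGE = 24 * 3600  # assumed policy: reject manifests older than a day


def derive_site_uuid(site_key: bytes, holder_id: str) -> str:
    """Keyed one-way mapping from an mDL-derived identifier to a site UUID."""
    digest = hmac.new(site_key, holder_id.encode(), hashlib.sha256).digest()
    return str(uuid.UUID(bytes=digest[:16]))


def _mac(key: bytes, body: dict) -> str:
    # Canonical JSON so signer and verifier hash identical bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_manifest(key: bytes, body: dict) -> dict:
    return {"body": body, "mac": _mac(key, body)}


def authorize(manifest: dict, key: bytes, site_uuid: str, now: int):
    """Return (credential_number, reason); credential_number is None on deny."""
    if not hmac.compare_digest(_mac(key, manifest["body"]), manifest.get("mac", "")):
        return None, "manifest-signature-invalid"
    body = manifest["body"]
    if now - body["issued_at"] > MAX_MANIFEST_AGE:
        return None, "manifest-stale"  # fail closed: revocations may be missing
    credential = body["entries"].get(site_uuid)
    if credential is None:
        return None, "not-enrolled-or-revoked"
    return credential, "ok"  # number handed to the PACS as a normal card read


# Constructed enrollment: one holder mapped to a PACS credential number.
HOLDER = "constructed-holder-0001"
MANIFEST = sign_manifest(MANIFEST_KEY, {
    "issued_at": 1_700_000_000,
    "entries": {derive_site_uuid(SITE_KEY, HOLDER): 48213},
})
```

The staleness limit is the knob that trades revocation latency against offline availability: with a cached manifest, a revoked UUID keeps working until the panel accepts a newer manifest or rejects the old one as too old.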

Use Cases

Built for scale. Built for security.

Enterprise · Multi-site

The Enterprise Campus

10,000+ employees across multiple buildings. Mobile credential costs projected at $170K/year. KeyShare eliminates the entire line item with site-based subscription pricing.

Impact

Credential cost goes from $170K/year to $0 per-user. Non-transferable identity replaces shareable badges.

Regulated · Defense / Healthcare

The Regulated Facility

ITAR, HIPAA, or SOX compliance requires verified identity at every access point. KeyShare provides cryptographic identity verification — not just credential validation.

Impact

Every door opening is identity-verified. Full audit trail. FIPS 140-2 cryptography. Zero PII stored at readers.

Commercial · Multi-tenant

The Multi-Tenant Building

Property managers credential tenants across multiple companies. Each tenant's employees use their own digital identity — no building-issued cards, no per-tenant credential management.

Impact

Tenant onboarding/offboarding becomes instant. No card inventory. Property manager controls zones, tenants manage their own people.

Ready to drop the credential tax?

Request a custom TCO analysis — a personalized savings report based on your headcount, current credentialing method, and infrastructure. Designed to take to your CFO.