A method includes receiving, by a server, a request to revoke the access rights of a user device to a lock; transmitting, by the server, a revocation command to the user device to remove an access credential from the user device; identifying, by the server, one or more trusted devices that have access rights to the lock in response to unsuccessfully transmitting the revocation command to the user device; transmitting, by the server, a key change command to the one or more trusted devices including an updated key to replace a key on the lock; transmitting, by a first one of the one or more trusted devices to encounter the lock, the key change command to the lock; and replacing, by the lock, the key with the updated key such that the user device is unable to access the lock using the access credential.