The power of an open protocol

Issue 6 2021 Access Control & Identity Management

The Open Supervised Device Protocol (OSDP) is an access control communications protocol nurtured by a SIA (Security Industry Association) consortium, consisting of some of the smartest individuals from the security industry.

Version 2.2 of the SIA OSDP (www.securitysa.com/*osdp) is its most recently updated standard that improves interoperability among access control and security products such as readers and controllers. The standard also applies to peripheral devices such as card readers and other devices at secured access doors/gates and their control panels.

Already in use by many leading manufacturers, the SIA OSDP standard is recommended for access control installations that require advanced security or will be used in government and other higher-security settings such as data facilities and drug manufacturing programmes. OSDP supports advanced user interfaces, including welcome messages and text prompts. Audio-visual user feedback mechanisms provide a rich, user-centric access control environment.

A two-way channel and encryption pave the way for advanced security applications such as the handling of smartcards, biometrics and government applications that require Public Key Infrastructure or Federal Identity, Credential and Access Management requirements. Not only does OSDP provide a concise set of commonly used commands and responses, it eliminates guesswork since encryption and authentication are predefined.

The impact on manufacturers, integrators and users?

Among other things, it lets security equipment, such as card and biometric readers from one company interface easily with control panels and equipment from another manufacturer. In other words, OSDP fosters interoperability among security devices. It also adds sophistication and security benefits through features such as bi-directional communication and read/write capabilities.

It provides the transfer of large data sets for firmware updates or graphics from an access control unit to a reader, clearer instructions for the implementation of Secure Channel, the OSDP encryption piece, to facilitate encrypted communications and updated messages for handling smartcard applications within the protocol.

OSDP importantly offers the option of secured, encrypted communications between reader and controller. This is independent of the encryption between credential and reader. Remember, a basic definition of encryption is the conversion of information and data into a secret code. This is sometimes called a cipher. For example, let’s say your access card is programmed with the number 101. You present your card to a reader and the controller also sees ID 101 but, in between the reader and the controller, the data sent looks nothing like ID 101. The card data sent in between the reader and the controller is encrypted into a secret code.

Also, significant to highlight, OSDP is a real SIA approved industry standard. It is not a piece of technology owned by any company and thus it is not proprietary. Today, it is an open standard that is global in scope and available for use by any manufacturer.

The nuts and bolts of OSDP

OSDP is built on the RS-485 serial transmission standard. RS-485 is the physical layer, laying out the actual electrical characteristics of the signal generator and receiver. Think of OSDP as communications riding on this RS-485 physical layer. Key advantages include that RS-485 requires just four conductors, two for power and two for data.

RS-485 also provides for longer cable runs between devices, often up to 1200 metres. Also, when compared to Wiegand, which offers simple point-to-point topologies, OSDP offers point-to-point and multi-drop. Of course, multi-drop also means individually naming, or addressing, the readers in the system.

Encrypted communications between a reader and controller offer a number of real-world benefits. One is that encrypted OSDP communications can be used to prevent man-in-the-middle hacks on data lines. In this type of hack, a hacker intercepts data, then secretly relays and possibly alters the communications between a reader and door controller.

Another benefit of encryption is data integrity, a concept often overlooked. Specifically, by implementing encryption, one can trust that the data being communicated is authentic and unaltered from what was originally communicated. This is a good segue over to the subject of IT.

In our IT-centric world, the concept of IT compliance, the process of meeting a specific set of requirements for digital/cybersecurity, is an emerging need. For example, these requirements might be generated internally by corporate IT, or they may originate from outside the customer’s organisation. Think of an insurance company or government entity. Perhaps your company agrees to a standard operating procedure (SOP) of only supplying solutions as standard when encrypted. When applied, OSDP can assist in meeting this SOP.

Some ways OSDP differs from Wiegand

For years, Wiegand has been the industry standard, but it is no longer inherently secure due simply to its original obscure and non-standard nature. Plus, the multiple definitions associated with the Wiegand name have created confusion over the years. OSDP, focused as a standardised protocol between readers and controllers, moves us forward. OSDP allows devices, such as card readers, control panels or other security management systems to work together, providing the security industry with a solution that moves far beyond the widely used Wiegand standard in terms of security and functionality.

It helps ensure that numerous manufacturers’ products will work with each other. Interoperability can be achieved regardless of system architecture. For instance, the specification can handle smartcards by constantly monitoring wiring to protect against attack threats and serves as a solution for high-end encryption. The specification for handling LEDs, text, buzzers and other feedback mechanisms provides a rich, user-centric access control environment.

To again emphasise, OSDP provides the option for encrypted channel communications. Wiegand does not. Known as a secure channel, OSDP lets communications traffic between a reader and controller be encrypted. Specifically, this traffic can be encrypted via Advanced Encryption Standard (AES) with a 128-bit key.

OSDP provides two-way communications. Wiegand is a one-way street for data. For example, this lets the reader be queried as to its status. Think of this as a health check. It’s standard with OSDP, but not that easy to do with Wiegand.

Wiring requirements are also different. An OSDP cable only requires four conductors. Wiegand cabling may require five, or even more, conductors. This makes them larger, heavier and often, more expensive.

Finally, OSDP lets the data rate be adjusted. With Wiegand, that is not the case. The advantage is that larger quantities of data can be transmitted quicker with OSDP. Think of a Personal Identity Verification (PIV) card. This data could be transmitted in less time than it would take with Wiegand.

Cybersecurity convenience

Users of physical access control systems certainly desire convenience but, as equally, expect security. So, first and foremost, OSDP is more cybersecure than the most common access control communications protocol. The key is the option of encryption. OSDP typically requires less wiring, which saves money. Users may request integrators utilise existing wiring for retrofits. Additionally, OSDP constantly monitors wiring to protect against attack threats.

With other legacy communication protocols, such as Wiegand, there are three main physical ways to assault a card-based electronic access control system – skimming, eavesdropping and relay attacks. With OSDP Secure Channel, AES-128 is used to secure the transmission of data from reader to controller. Many manufacturers have already implemented OSDP and there are many other companies with OSDP devices in development. To encourage this, the SIA has released tools that will ensure that these numbers continue to grow.

To make things easier, the SIA Open OSDP Test Tool is open-source software that lets manufacturers of OSDP-compatible equipment test their products against the specification. The test tool emulates an OSDP peripheral device or an OSDP control panel or acts as a message sniffer between two ‘real’ OSDP devices. The test tool runs on several widely available and low-to-no-cost platforms and hardware. It reduces physical barriers to achieving interoperability such as shipping prototypes to numerous vendors for testing. The underlying source code, also available, is another aspect of the tool that can be leveraged by device manufacturers in developing their OSDP interoperable products.

Also, there are emerging compliance initiatives pertaining to OSDP. For instance, ‘OSDP Verified’ is being championed jointly by SIA and IDmachines, creator of the Eidola technical automation platform. SIA OSDP Verified is a comprehensive testing program that validates a device’s conformance to the SIA OSDP standard and related performance protocols. It validates that a device conforms to the OSDP standard and the related performance profiles.

A guide is furnished to find and explore products that have been verified to meet the OSDP standards (www.securitysa.com/*osdpverify). You can find which proximity readers, smartcard readers and mobile access readers comply. Such measures will benefit device suppliers and consumers alike by guaranteeing tested devices comply with all applicable OSDP requirements.

Why now?

OSDP’s promise is to offer opportunities to meet customers’ needs today and tomorrow. The adoption and deployment of OSDP will facilitate the development of new and advanced features for readers in the field. Basically, by being able to communicate to the reader from a controller, you unlock enhanced device control.

As security professionals, many of us feel an obligation to present the best security options available to our customers. And while some technology may leave you scratching your head, OSDP is logical, practical and imperative. Today and moving forward, OSDP will greatly influence electronic access control (EAC) reader and controller development.

OSDP is seeing adoption on a global scale and is a highly recommended consideration for new installs. It is suggested that those dealing with smart security in any format will want to start incorporating the use of the OSDP standard in their equipment and systems. Future versions of OSDP will continue to follow the IEC formatting conventions, enabling the always-evolving work of the SIA OSDP Working Group to be more easily adopted through the IEC standards process.

In the sales arena, OSDP should be viewed as a strong selling feature. Importantly, it offers low cost of implementation on an embedded device. You should learn it and integrate it into your presentations.

For more information contact Farpointe Data, scott.lindley@farpointedata.com, www.farpointedata.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Pulse fence stops diesel thieves
Issue 6 2021, Gallagher , Access Control & Identity Management
A Gallagher monitored pulse fence was installed around the whole site, including the large double leaf access gates and stopped diesel theft overnight.

Read more...
Controlling campus access
Issue 6 2021, Turnstar Systems , Access Control & Identity Management, Education (Industry), Products
Turnstar’s Tribune turnstiles ensure that only validated pedestrians enter the Cape Peninsula University of Technology which serves more than 30 000 students, several campuses and service points.

Read more...
Is my turnstile fire compliant?
Issue 6 2021, BoomGate Systems , Access Control & Identity Management
Physical access control has become a crucial part of day-to-day operations, be it a reception area with countless guests mixed with staff, or a simple factory to control time and attendance.

Read more...
Elite Truck Hire harnesses the power of information
Issue 6 2021 , Transport (Industry), Access Control & Identity Management, Products, Logistics (Industry)
Elite Truck Hire launched a search for a specialist fleet management programme that led the company to FleetDomain, a member of the Argility Technology Group.

Read more...
Transport and logistics challenges in turbulent times
Issue 6 2021 , Editor's Choice, Access Control & Identity Management, Integrated Solutions, Transport (Industry), Logistics (Industry)
Moving people and property safely and securely during these challenging times is a complex responsibility and technology is helping transport and logistics companies ensure operational continuity, facilitate uninterrupted movement and meet compliance requirements.

Read more...
Tailored access solution
Issue 6 2021, Turnstar Systems , Access Control & Identity Management
The UNISA Olitzki building is situated in the heart of the Johannesburg CBD’s financial sector and required a tailored security solution to ensure the safety of employees and visitors to the building.

Read more...
Active access control
Issue 6 2021, Turnstar Systems , Access Control & Identity Management
The Velocity automatic industrial vehicle barrier, with SwiftDrive technology, is a vehicle access control solution for areas with a need for medium security levels and high volumes of traffic.

Read more...
Controlling access where it matters most
Issue 6 2021 , Access Control & Identity Management
Philip Verner, regional sales director for the security products division of Johnson Controls, explains how CEM Systems is suited for access control in data centres.

Read more...
Fingerprint authentication added to X-Station 2
Issue 6 2021, Suprema , Access Control & Identity Management
Suprema has launched an upgraded version of its X-Station 2 access control terminal, which now supports fingerprint authentication as well as mobile access, QR codes and RFID cards.

Read more...
Integrated, cloud-based access and attendance solution
Issue 4 2021, Hikvision South Africa , Access Control & Identity Management
Hikvision has launched its new cloud-based and integrated access and attendance solution with centralised multi-site access control and time and attendance management to simplify HR operations.

Read more...