The power of an open protocol

Issue 6 2021 Access Control & Identity Management

The Open Supervised Device Protocol (OSDP) is an access control communications protocol nurtured by a SIA (Security Industry Association) consortium, consisting of some of the smartest individuals from the security industry.

Version 2.2 of the SIA OSDP (*osdp) is its most recently updated standard that improves interoperability among access control and security products such as readers and controllers. The standard also applies to peripheral devices such as card readers and other devices at secured access doors/gates and their control panels.

Already in use by many leading manufacturers, the SIA OSDP standard is recommended for access control installations that require advanced security or will be used in government and other higher-security settings such as data facilities and drug manufacturing programmes. OSDP supports advanced user interfaces, including welcome messages and text prompts. Audio-visual user feedback mechanisms provide a rich, user-centric access control environment.

A two-way channel and encryption pave the way for advanced security applications such as the handling of smartcards, biometrics and government applications that require Public Key Infrastructure or Federal Identity, Credential and Access Management requirements. Not only does OSDP provide a concise set of commonly used commands and responses, it eliminates guesswork since encryption and authentication are predefined.

The impact on manufacturers, integrators and users?

Among other things, it lets security equipment, such as card and biometric readers from one company interface easily with control panels and equipment from another manufacturer. In other words, OSDP fosters interoperability among security devices. It also adds sophistication and security benefits through features such as bi-directional communication and read/write capabilities.

It provides the transfer of large data sets for firmware updates or graphics from an access control unit to a reader, clearer instructions for the implementation of Secure Channel, the OSDP encryption piece, to facilitate encrypted communications and updated messages for handling smartcard applications within the protocol.

OSDP importantly offers the option of secured, encrypted communications between reader and controller. This is independent of the encryption between credential and reader. Remember, a basic definition of encryption is the conversion of information and data into a secret code. This is sometimes called a cipher. For example, let’s say your access card is programmed with the number 101. You present your card to a reader and the controller also sees ID 101 but, in between the reader and the controller, the data sent looks nothing like ID 101. The card data sent in between the reader and the controller is encrypted into a secret code.

Also, significant to highlight, OSDP is a real SIA approved industry standard. It is not a piece of technology owned by any company and thus it is not proprietary. Today, it is an open standard that is global in scope and available for use by any manufacturer.

The nuts and bolts of OSDP

OSDP is built on the RS-485 serial transmission standard. RS-485 is the physical layer, laying out the actual electrical characteristics of the signal generator and receiver. Think of OSDP as communications riding on this RS-485 physical layer. Key advantages include that RS-485 requires just four conductors, two for power and two for data.

RS-485 also provides for longer cable runs between devices, often up to 1200 metres. Also, when compared to Wiegand, which offers simple point-to-point topologies, OSDP offers point-to-point and multi-drop. Of course, multi-drop also means individually naming, or addressing, the readers in the system.

Encrypted communications between a reader and controller offer a number of real-world benefits. One is that encrypted OSDP communications can be used to prevent man-in-the-middle hacks on data lines. In this type of hack, a hacker intercepts data, then secretly relays and possibly alters the communications between a reader and door controller.

Another benefit of encryption is data integrity, a concept often overlooked. Specifically, by implementing encryption, one can trust that the data being communicated is authentic and unaltered from what was originally communicated. This is a good segue over to the subject of IT.

In our IT-centric world, the concept of IT compliance, the process of meeting a specific set of requirements for digital/cybersecurity, is an emerging need. For example, these requirements might be generated internally by corporate IT, or they may originate from outside the customer’s organisation. Think of an insurance company or government entity. Perhaps your company agrees to a standard operating procedure (SOP) of only supplying solutions as standard when encrypted. When applied, OSDP can assist in meeting this SOP.

Some ways OSDP differs from Wiegand

For years, Wiegand has been the industry standard, but it is no longer inherently secure due simply to its original obscure and non-standard nature. Plus, the multiple definitions associated with the Wiegand name have created confusion over the years. OSDP, focused as a standardised protocol between readers and controllers, moves us forward. OSDP allows devices, such as card readers, control panels or other security management systems to work together, providing the security industry with a solution that moves far beyond the widely used Wiegand standard in terms of security and functionality.

It helps ensure that numerous manufacturers’ products will work with each other. Interoperability can be achieved regardless of system architecture. For instance, the specification can handle smartcards by constantly monitoring wiring to protect against attack threats and serves as a solution for high-end encryption. The specification for handling LEDs, text, buzzers and other feedback mechanisms provides a rich, user-centric access control environment.

To again emphasise, OSDP provides the option for encrypted channel communications. Wiegand does not. Known as a secure channel, OSDP lets communications traffic between a reader and controller be encrypted. Specifically, this traffic can be encrypted via Advanced Encryption Standard (AES) with a 128-bit key.

OSDP provides two-way communications. Wiegand is a one-way street for data. For example, this lets the reader be queried as to its status. Think of this as a health check. It’s standard with OSDP, but not that easy to do with Wiegand.

Wiring requirements are also different. An OSDP cable only requires four conductors. Wiegand cabling may require five, or even more, conductors. This makes them larger, heavier and often, more expensive.

Finally, OSDP lets the data rate be adjusted. With Wiegand, that is not the case. The advantage is that larger quantities of data can be transmitted quicker with OSDP. Think of a Personal Identity Verification (PIV) card. This data could be transmitted in less time than it would take with Wiegand.

Cybersecurity convenience

Users of physical access control systems certainly desire convenience but, as equally, expect security. So, first and foremost, OSDP is more cybersecure than the most common access control communications protocol. The key is the option of encryption. OSDP typically requires less wiring, which saves money. Users may request integrators utilise existing wiring for retrofits. Additionally, OSDP constantly monitors wiring to protect against attack threats.

With other legacy communication protocols, such as Wiegand, there are three main physical ways to assault a card-based electronic access control system – skimming, eavesdropping and relay attacks. With OSDP Secure Channel, AES-128 is used to secure the transmission of data from reader to controller. Many manufacturers have already implemented OSDP and there are many other companies with OSDP devices in development. To encourage this, the SIA has released tools that will ensure that these numbers continue to grow.

To make things easier, the SIA Open OSDP Test Tool is open-source software that lets manufacturers of OSDP-compatible equipment test their products against the specification. The test tool emulates an OSDP peripheral device or an OSDP control panel or acts as a message sniffer between two ‘real’ OSDP devices. The test tool runs on several widely available and low-to-no-cost platforms and hardware. It reduces physical barriers to achieving interoperability such as shipping prototypes to numerous vendors for testing. The underlying source code, also available, is another aspect of the tool that can be leveraged by device manufacturers in developing their OSDP interoperable products.

Also, there are emerging compliance initiatives pertaining to OSDP. For instance, ‘OSDP Verified’ is being championed jointly by SIA and IDmachines, creator of the Eidola technical automation platform. SIA OSDP Verified is a comprehensive testing program that validates a device’s conformance to the SIA OSDP standard and related performance protocols. It validates that a device conforms to the OSDP standard and the related performance profiles.

A guide is furnished to find and explore products that have been verified to meet the OSDP standards (*osdpverify). You can find which proximity readers, smartcard readers and mobile access readers comply. Such measures will benefit device suppliers and consumers alike by guaranteeing tested devices comply with all applicable OSDP requirements.

Why now?

OSDP’s promise is to offer opportunities to meet customers’ needs today and tomorrow. The adoption and deployment of OSDP will facilitate the development of new and advanced features for readers in the field. Basically, by being able to communicate to the reader from a controller, you unlock enhanced device control.

As security professionals, many of us feel an obligation to present the best security options available to our customers. And while some technology may leave you scratching your head, OSDP is logical, practical and imperative. Today and moving forward, OSDP will greatly influence electronic access control (EAC) reader and controller development.

OSDP is seeing adoption on a global scale and is a highly recommended consideration for new installs. It is suggested that those dealing with smart security in any format will want to start incorporating the use of the OSDP standard in their equipment and systems. Future versions of OSDP will continue to follow the IEC formatting conventions, enabling the always-evolving work of the SIA OSDP Working Group to be more easily adopted through the IEC standards process.

In the sales arena, OSDP should be viewed as a strong selling feature. Importantly, it offers low cost of implementation on an embedded device. You should learn it and integrate it into your presentations.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Smart parking management platform
Access Control & Identity Management Asset Management, EAS, RFID
Parket builds a seamless bridge between supply and the ever-increasing, but fluid – and often temporary – demand for parking bays.

Visible-light facial recognition terminal
ZKTeco Access Control & Identity Management Products
The SpeedFace-V5L [P] is a visible-light facial recognition terminal using intelligently engineered facial recognition algorithms and the latest computer vision technology.

Facial and palm verification
ZKTeco Access Control & Identity Management Products
The ProFace X [P] supports both facial and palm verification, with a large capacity and rapid recognition.

Glide Master High Security 90° Sliding Gate
BoomGate Systems Access Control & Identity Management Products
Boomgate Systems was asked to make a sliding gate that can turn 90 degrees. The gate had to offer high security and be vandal-proof.

Informing, entertaining and communicating across your landscape
Evolving Management Solutions Access Control & Identity Management
For the first time, the attraction of large shopping malls with many stores, entertainment and food courts no longer offers enough appeal to attract customers.

Suprema’s new BioStation 3
Suprema Access Control & Identity Management Products
The brand new BioStation 3 is not only Suprema’s smallest face recognition device to date, but it also comes packed with the largest variety of features.

Suprema renews international privacy and security standard certifications
Suprema News Access Control & Identity Management
Suprema has simultaneously renewed two important international standard certifications regarding information security management (ISO/IEC 27001) and privacy information management (ISO/IEC 27701).

SuperVision biometric access control
Integrated Solutions Access Control & Identity Management Products
SuperVision is a time & attendance (T&A) biometric access control system Fourier IT has been developing and enhancing for 18 years.

Manage energy usage with Paxton access control
Paxton Access Control & Identity Management Products
Paxton provides access control systems that can integrate with existing infrastructure and manage a building’s energy-consuming activities to save energy and costs.

Why Multi-Factor Authentication, universal ZTNA and Zero Trust matter
Access Control & Identity Management Cyber Security
Malicious cyber actors are experimenting with new attack vectors and increasing the frequency of zero-day and other attacks, according to Fortinet’s 1H 2022 FortiGuard Labs Threat Landscape report.