printer friendly version

A standard for secure access control

When one thinks about open standards in the access control industry, the Open Supervised Device Protocol (OSDP) always springs to mind, primarily because it is one of the few standards in the industry and because of its utility in securing access installations. While OSDP is not a standard in every installation, it is a viable and reliable replacement for Wiegand, which is not secure.

More than security, OSDP also provides more functionality and constantly monitors for intrusions. It makes use of two wires, which allows for multi-drop installation, supervised connections to indicate reader malfunctions, and scalability to connect more field devices. It also includes 128-bit encryption as standard. To read more about the benefits and functionality of the protocol, go to www.securityindustry.org/industry-standards/open-supervised-device-protocol/.

“The OSDP standard was developed by the Security Industry Association (SIA) and has been approved by the International Electrotechnical Commission (IEC) technical committee on alarm and electronic security systems as an international standard,” explains Ernest Mallett, sales lead for the Elvey Group. The latest version is listed as IEC 60839-11-5 and is available in the IEC Webstore (https://webstore.iec.ch/publication/33414).

The acceptance by the IEC is a big deal as it means that the standard is not simply a SIA standard, but a global one, says Barry Richardson, hardware director at Saflec Systems. OSDP is already on version 2.2, meaning it is a mature standard that has been through the initial learning curves protocols like this might have to experience in real-world scenarios. And, Richardson says, this version is a mirror of IEC 60839-11-5, published in June 2020.

Is it a user requirement?

While a standard might be a good idea, getting users to adapt and make the change to something like OSDP is not always smooth sailing. However, given the ongoing cybersecurity crises the world is experiencing, OSDP is becoming sought after in large installations.

Mallett says key organisations with high security requirements have already started to ask for OSDP in their access control systems. “This is driven by the many benefits, including security, as well as support for longer distances for cabling and lower cabling cost (OSDP cabling requires 4 cores while Wiegand requires 7 cores with signalling such as LED and beeper control). Many vendors now offer OSDP as a standard feature for their readers/panels.”

As an example, Mallett refers to HID Signo readers (which were recently launched, see www.securitysa.com/10121r). They have OSDP support without requiring any additional components/add-ons (in addition to Wiegand).

“As we work with larger listed companies and corporates, we find a higher level of education and security awareness around access control. Several are now demanding OSDP.”

The reality is security vulnerabilities are not the domain of banks or insurance companies. Mallett points out that Wiegand Sniff and card cloning will continue to be a reality until companies make the move to OSDP and improved cybersecurity in general for their access implementations. The cloning tools mentioned can be purchased for around R1000.

“We strongly urge manufacturers of products we integrate with to implement OSDP as it not only makes the integration easier, but also more secure,” adds Richardson. “While OSDP uses the same or reduces the number of wires to connect, it is not as simple as connecting up a Wiegand device as there are things like baud rates and address configurations that add a little complexity.”

There is also an issue with version control and the interoperability of products running on version 1 or version 2, explains Richardson, although the protocol is supposed to be backwards compatible. However, Mallett notes that this is changing now that the IEC has adopted OSDP as a standard. Nevertheless, testing your readers and controllers is still good practice to make sure everything works as required.

What are the real benefits?

Both Mallett and Richardson note that there are many benefits in choosing OSDP over Wiegand, some more pronounced and useful than others.

“OSDP runs on a shared multi-drop bus architecture,” explains Mallett. “This allows multiple readers to be connected with less cabling cost and effort compared with the Wiegand star topology that requires dedicated cable runs between the panel and each reader.

“Depending on the panel capabilities, a large number of readers (up to 32) can share a single bus. Sometimes this is not practical, so in most cases we see up to four readers sharing the same bus. Nevertheless, this is quite an improvement compared with Wiegand. However, irrespective of how many OSDP readers are connected to a bus, the door controller will still limit the amount it can connect to.”

In most cases, Richardson adds, the speed difference would not make a noticeable difference. “The standard does however make provision for transmitting biometric templates back and forth as well as sending text messages that can be displayed. Not only can this not be done on Wiegand, but if it could, a small 256-Byte template would take four seconds to transmit over typical Wiegand speeds.”

Slow but steady adoption

While more installations today still rely on Wiegand for communications between the reader and controller, the move to OSDP is growing. Richardson says Saflec Systems has standardised on OSDP, but still provides compatibility with older equipment to ensure it can provide whatever its customers require.

“Saflec Systems is ensuring that all of our latest hardware, software and third-party integration supports OSDP and encryption technologies all the way from the database to the identification device. We have also released a converter board that even allows old Wiegand devices to be converted into OSDP.”

Elvey is a distributor for HID products (among others) and Mallet agrees that the move to OSDP is ongoing. “HID is a pioneer in promoting OSDP for its obvious benefits. It is supported in products such as iCLASS SE/multiCLASS SE readers (using the BLE/OSDP optional module), HID Signo readers (integrated in every reader), HID Mercury controllers and HID Aero controllers. In addition, we remain supporters of some of the local access control manufactures that are yet to introduce OSDP.”

Share this article:

Further reading: