OSDP Access Control Guide

By Brian Rhodes, Published Jun 04, 2019, 10:53am EDT

Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major problems of Wiegand.

In particular, OSDP's benefits:

  • Bidirectional Communication, Including reader displayed feedback
  • Standardized biometrics integration with access systems
  • Handling large amounts Of credential data
  • OSDP's 'Secure Channel' version supporting data encryption

However, the protocol has several significant issues impacting adoption, including:

  • Unclear OSDP versions and profile definition
  • Lack of OSDP conformance checking
  • Vendors claiming only 'OSDP Support' is not enough
  • No Official OSDP 'Conformant Products' directory

This report examines those issues and more basic details including:

  • What OSDP Does
  • Why OSDP Is Needed
  • How OSDP is Organized
  • What OSDP's Profiles Are
  • Performance and Wiring differences between Wiegand and OSDP
  • What 'Secure Channel' means for OSDP

What **** ****

**** ********* ************* ******** between ******* *** ***********, eliminating *** **** *** 'proprietary *******' **** ***** 3rd ***** *********** *** readers ** *********** *** those ******* ***********. ****** functions *** ************, ********* how ********** **** ** sent, *********, *** *********.

******** ******** **** ** which ******** *** ****** displays, *** ********** ****** or **** ********, ** even *** **-*********** ********* verification ***** *** **** standardized. *** *** ****** market, ****'* ********* ** the ************* *** ** used *** *** ***** interoperability **** **** *************.

Why **** ** ******

****** ********** ******* ***** do *** ****** ***** own ******* *** *********** (and **** *****), *** the ********* *** ***** interoperability *** **** ******* by ******* *** ******* decades.

*******, **** ******** ** expands **** ******* *** maximum **** ********, ***** data ******** *****, ************* communication, **** **********, *** two-way ********* **********.

ODSP *** ********

*** *** ******** ****** up ***** ********** *** expands ** *****:

  • **-***********: ******** ************* ** travel **** **** ******* changes ** **** ****, even ******** ****** ********* like ****, ******* ********, or ******* ******** ** be ******* ***********. ********* on *** ******, ******** like ******** **** ** text ****** *** ****** based ** *** ****** of *** ****** ****** the ******.
  • ********* **********:**** ****, ******** *** be *********** ** ******, with **** ****** ******* of *,*** *****, *** layered ** ******** ********. This ***** **** *** more **** *********** ** bit ********* *** ******** as ******* ******** * credential (***********, ****, ** card) ** * ****.

How **** ** *********

************* **** ********** *** profiles ** ***********. ** the ****, **** ******** have **** ******** ** a *****-**** ********, **** versions ******** ** ****, 2014, *** ****. *** current ********** ******* ** 2.1.7, **** ****.

*** ******** ******** ** OSDP ******* **** ******** and ******** **** ****** products *******, ** *** maintains ******* ********* '**** profiles' ******** ******* *************** based ** **** ** product. ***** ******** *******:

  • *****: **** ******* ** the *** **** ******* card *** *** ****** card ******* **** ******* at * *******
  • **********: **** ******* ********* '2-way ************' *** ********* readers, ********** ********* **** central ****** *******.
  • ******** ****** ****: *** ****** ******** to ******** **** ***** card ****** ** ******** security ************* *****, ** ****** ***********, this ******* ********* ************ formats *** ***** ** complex ****.
  • **********: *** '*******' ******* that ** *** ******* reader ****** *******, ********** support, ** '*****' *****-**** message *******.

Generic **** ******* ******

******* ******* ******** '**** compatibility', **** ***** ** not ****** ** ****** which ********, ********, ** features *** *********. ******* SIA, *** ****** *********, make **** *****.

*** *******,**** *** ****** ** reader **** ******' ****' support*** **** *** ******* which ******* ** ******** are *********:

*** **** ** ******* regarding **** *****/******** ** OSDP ******* *******, *** when ***** ***** ****, SIA ******** ************** ** buyers ** **** **** clear:

*** ***access ******* ****** **** ** *********** **** ***** ******* on the OSDP profiles that they support, Basic, Secure Channel, Biometric, etc. While this system of communication and trust was not too much of an issue when only a few vendors were offering OSDP solutions we realize that this model will not work for long, and as stated, we will be working to address this.

**** ****** *********** *** significant ******* ****** ****** face **** ********** ****.

Limits ** ********* ****

** ******* ******** ** profiles *** ********, *** ability ** ******* ******** hardware ** *** ***** is *** ****** ********.

** *******, ** ******** designs ******* ********** ******** resources *** ******* ** update ******** ********, * simple ******* *** ** done ** ********* *********.

*******, ****** ******* *** control ****** *** ***** 'computing ***********' ******* **** cannot ******* ***** ******* or ********* ************* *** they **** ** ********** replaced.

* ****** ******* ** this ** ***** ** Mercury ******** ******, **** the ***** '****** *' SIO ****** ****** '****** 3 *********'.

*** ** *** ******* factors ** *** *********** of '****** *' ******** was ********** ********** ******* to ******* **** ********** released **** ******* *.*.* 'Secure *******', ***** ***** devices ******** ***** ************* ************ **** * firmware ******.

Comparing **** **. *******

*** ***** ******** ** both *** ******** ** this *****:

OSDP **********

*******, **** ******** ******* new ******** *********:

  • **** ******* ******: ****** *******, ***** OSDP ******** ***-******** ****** terminals *** **** ****** colors *** *** ******* additional ********** ********* ********* in *** *****, *********** driving ********* ********** *** adding ***** *****.
  • ******** ********: ** ********* *****, no ****** **** ******* is ************* *** **** than *** **** ******* is ******, ********** *** needed **** ***** *******. (See '******** **** ********' above *** **** ******.)
  • ****-******** ***********: *** ****** ** claim *********** ********, *** similar ****** ** ************* ****** ONVIF ***********, *** **** ** manufactures ****** **** *********** is * *********** **** and ****** ***********.

OSDP ****** **** ********* ********* & *****

**** ******* ******* **** Wiegand *** ****, *** require ***** ******** ********** for ****** ****.

*** ***** ***** ***** an ******* ****** ********** both ********* **** ******** wires ** ******* ********* on ****:

**** ******** **** *** conductors *** **** *** two *** *****, ***** Wiegand ******** *** **** for ********** ****** *********.

*******'* ***** ********** ****** in ************* ***** ******** with ******* ** *** wires ** ****. ** OSDP ******* **** ***** pigtails, ** ** *** to ******** ****** ******* or **** *********** ** an ******.

*** ******** *********** *** this*** ****** ** **************** ****** ** ***** are ******** ** * pigtail. *** **** ******, the '***/*****' **** (**-* terminal) *** '***' (**-*) connectors *** ********* *** OSDP:

****** *******, ***** '*****' and '*****' *** ********* standardized ******, **** **** colors *** ***, ***** can **** ** ********* confusion.

Not * *** *** ** **.** *** ****** *****

**** **** ******* ** mitigate ** ******* *** fully ******* ************* **** of ***** *** *** formats, **** *** *** detailed ****** **** ****** ******* With **** $** *** 125kHz **** ******,

******, **** ** '******'********* ******* ** *********** *** ****, ** the ****** ************ **** upstream *********** ***** ** unencrypted ******** **** ******* the ****** ** ********** to ******* **** ********* and *********** **** *****.

'Secure *******' **********

******** ******** ******* *.*.***** ***-*** *** ********** on **** ******* ****** and **********. ******** ******** of **** *** *** support **********, ** ** was *** ******* '*********' until ****.

**** **** ****** *******, the ******** ******* ****** and ******** ********** ** encrypted ******* **** ************ and ********* ******* **** 'man ** *** ******' devices. *** *******,*** ******, ************ ***** ***** 60 *******, *** ** done **** *** ******/********* side ** *** ****, and ** ************ ** the ****** *** ****** managers.

****** ***** ****** ****** is ********** ** *** risk ** ******* ******* when ******** *** ********* in *** ******. *** card *********** **** ********* can **** ** **** to ****** ********* ****** of ***** ***** ** to ****** ***** ******* signals ** ******* ********* readers ********.

*** ***** ***** ***** how ***** ******** *** typically *********:

******* ******** *** **** and *********** ** ***, with **** **************** ~$** - $** online.

Reader ********* ****** ********

*** **** ******* *** possible *** ******* ** the ******* ** **** system *********** *** **** prompts ** *******.

**** ****** *** ********** messages ** ** ********* to *** *****, ******* numbers *** ******* ******, and *********** **** ***** and ***** ** ** shown *** **** ***** applications:

** ****, *** '**********' OSDP ******** **** *** support **** ******* *** is **** ********* ** the '*****' *** '*********' versions.

Biometrics *******

** *********** ****** ** OSDP ** *** ********* authentication ** ********* ***** the ************* **** ******* between ****** *** ******.

******* ******* ********** ******* biometric ******** *********** ****** the ****** ** ********* stored ** *** ****** or ***** *********** ***** application, *** ***** **** offloads ******** ******* ** access ******* **** **** them **** ** ******* only **** ****** ** demand.

*** ***** ***** ***** how *** ******** ********* works:

*** *-*** **** ******** allows *** *********** ****** verifications, ******** **** **** will *********** ** * future ***** ** **** Biometrics ****.

Reader *** ********** ******* ********

** ****** ** ***** OSDP **** ** *** well **********: **** ****** and ********** **** ******* the ********.

****** *******, *** ******* protocol **** ***** ******** no ********** ************* ****** install, **** ********* ******** setting *** **********, ** the ***** ***** *****:

***** *** ******** ** 'auto *********' *** **** in **** ********,**** ******** ***** *******, *** ********* ************* is *** **** ** the ******* **** *************.

Controller ********* ******** ********

** ****, **** *********** call *** *** *** of ********* ** **** readers, ********** ** **** cable/ ***** ******* ****** runs ** ***** *** may ** * *******:

***** '***-**-****' ********* *** not ******** **** ********* alarms, ********* **** *** reader *** ** ****** is *** ******* **** Wiegand *** *** ** an **********, ****** *******, additional ****.

Self-Policing ***********

*********** *** **** ** false ****** ** **** SIA **** *** ***** or ******* ******** ******** OSDP ***********, *** ** external ***** ** ****** to ** **.

*** *********:

'***** ** ** *** party **** ******** ****** of **** **********. *** OSDP ******* ***** (**) started *** ** * small ***** ** ******* working ** ********* *** adding ** *** ****** OSDP ********* ***** *** them ** ****** **** they *** ***** **** correctly.

*** **** **’** **** a ***** ** *** number ** ******* ************* in *** **** ** and **** ******** ******* we ******* *** **** for * ************/************* ******* and *** ******* ** that ******* ***.'

********* * *********** ******* tool*** *** ******* ** not * ****** ***, requiring **** *********** ** tehnical ***** ** ***.

No **** *********** ****

******* ************ ** ***** is ** ********* ******* list ******* ***** ******* are ********** *** ***** are ****** ******** ******.

***********, *** ********* * list ** '**********' ********** *** ******* **** claim, **** **** *** offer ** ***** ** a ******* ***.

OSDP ******* *******, *** ***** *******

******* ******** **** ******* are ****** ********** ********** access ****** ********* *** Global/Mercury ********, ********, ****, Software *****, *****, *******, Farpointe ****, ********, *** Cypress.

** ***** ** ******* not ********** ****, '***********' brands, *********, *** **** distribution ****** ***** **** ProData *** ** ***.

*** ***** **** *** number ** ******* ********* OSDP ********* ** '****** 40-50, *** ******** ***** peripheral ****** (******) *******'.

*******, ****** *** ********** or ********* *********** ******* of ******* ******* *** better *******, *** ****** may **** ******** ******** and ********** ********* *** the **** ******* ******* standard.

Comments (45)

*** **** **** *** surveys ** *** **** integrators ******** ********* ****** control ************* ***** **** over *******?

**** ** ****, *** we *** ******** ** include **** ******** ** an ******** ******.

* ******* *** **** percentage ** ******* ***** low *** *******.

* ******* *** **** percentage ** ******* ***** low *** *******.

**** ** *** **** of ****** ******* ;)

**! (***:** ****** ******** ***** Ipv6?)

** ******** ** ****: I ***** **** '*****' a ********* ***** **** IPv4 **** *** ** solved ***** **** (**** bit ********* ** ****, for *******), *** **** 'fixes' ******* ******** **** cannot ** ***** ** 'tweaking' ******* *********.

***** ** ******** *** its ** *** ******* in * ****** ** large ***********.  ** ***** cases ***** ** * valid ******** **** *** the **********.  *** **** there ** *** **** business (***** *** *******) risk ********** ** *** broad ******.  ** ** also ********* *** ** sell *** **** ***** time ** ****.  *** OSDP ****** ******* ************* is ******** **** *** from ** ************* ******** perspective  ** ***** *** can ****** ************* *** interoperability ****** * ****** wide ******* ***.  *** of ***** ****** ***** to ******* ******** **** (in ** ****** ******* ;-). 

** ** ****** ** least, **** *** ******* and **** ***** ** not ******* **** *** new ********** *************. *** is ** **** ** the ** *** ****** when ** ***** ** new ******* *** ****? It ***** ** *********** to **** *** ***** OSDP ** ******** *********.

*** **** *** *** users, **** ***'* ****** have ******** *********. *'** seen ***** ***** ** tenders:

*. *** ***** ***** tender, **** *** *** user ***** *** *******/****** designer *** **** ******* cannot *********** ** *** second *****, ************.

*. *** ********** ******* an ***/*** ** ** end-user ******, ***** ** hard ** ********** ** win ** ******* **** (corruption). ******* - *** require *** ********** ** have ** ***** * ABCD ********* *********, *** you **** **** ***** are * ********* ** the ****** **** *** qualified. *** **** * deal **** ***** ****, provide *** ****** ** they **** **** ** submit *** ******* *** solution *** **** ********. You *** **** *******, they **** *** *** next *** **** ***** customer.

*. *** *** ** the ******** ***, **** the **** ****** *** their ********* ** *********** in *** ****** *** then ********* *** ********. Again, ********* *** ****** usually ********.

*** **'* ** *** industry **** *** ******** has * *** ** money ** *****.

** **** *** ******* Europe. ***, ** **, people **** ****, "** need ****** *******" *** the ***** *** ****** something **** ********** *** struggling ** ********* *****. Usually, ** ************ ********** or ***-**** ********* *** involved. ****** **'* * 200+ **** *******.

** ********* ******* ****: **** **** ***** ********** 2019

**** *** *** “*******”, does **** ***** ** the ******** ***** ********, i.e. *** ******, ** the **** ********, ** both, ** ** * not ****** *****?

**** ** ***** ** “TCP/IP” *******?

'*******' ** *** '********', although *'** **** ********* that '*********' *** ******* bi-directional ***** ******* ** not.

*** **** ***** **** for ******* ** ****** always ******/***** *********, *** it ***'* *********** *** or ******** *****.  ***/** cabling ** * ***** that *********** *** ******* specific ** ********.

*******' ** *** '********', although *'** **** ********* that '*********' *** ******* bi-directional ***** ******* ** not.

** ** ***** ****** to *** **** * given ****** **** ** Wiegand *******, *** **** the **** **** **** that **** ** (** least **** ***** ****) in ******* ******, **** when **** ****** **** OSDP ** *********** ** the **********?  

** ***** ********* ******* refers ** *** ****** scheme, *** ********* ** the **** ******, *** maybe *’* ********.

***/** ******* ** * label **** *********** *** cabling ******** ** ********.

** ******/*****?

** ****, ******* ** not * ******.  ** previously **** ********* * contactless **** ******, *** it *** *** **** a '******' *** **** years/decades, ** ** ****** access *** ** ********* only *** **** **** between ****** *** **********.

******* ** *********** ******; every ******* **** ** the **** ** ********** as * '***' ** the **********, ***** **** essentially ** ******* **** structured, ********** ****.

****'* * *** ** a ************** **** ******* how *** ******* / OSDP ****** ** ********* and *****, *** ** helps ** ********* *** difference ***** ***** *****.

***** *******. **** ***** OSDP ******* *** ***********, does *** ****** ******* software **** **** ** support ** *** *************?

***.  *** **** ** typical, ** *** *********** are ********** ** *****-***** devices ******* ** *** management ********.  ** *************, the ************* ******* ** the ********** *** *** software.

****** *** *** **** question!

*** *** ********* ******* directly ***** *** ****** command **** ****, ** addition ***** *** * number ** ***** ******** that ***** *** ** test, ****, ******, *** also ** *** ****** information **** ** ****, model, ****** ****** *** firmware *************. ***** ** open ****** ** ** able ** ** **** as **** ** *** Eidola ******* **** ** provide. ***** ** **** the ******* ** ** file ******** *** ****** readers.

********* ** *** ****** there ** **** ************* that *** ** **** independently ** *** ****** control ******.  ** ***** points *** ** ** easier ** ** *** readers **** ***********.  ** IDmachines ** **** ********* tools ************ ** **** this ***.

****** *** **** *******, IDmachines *** ********* **** SIA ** *** ** the ***** ** * series ** **** *********, 25 **** ** *** Headquarters.  ** ** **** of ** ******* ****** to ******* *** ****** chain ** ******* *********** and ****************, ******** ***** of *** ********* ******.  *****://***.****************.***/********-*********/****-**********-******-********/****-****-****/   *** ****** ****, for ********* **** ****. 

** *** ******* ***'* world, **** ** ******** mandatory **** ******* ****** for ****-** ******* ***** taken ********* *** ******* flowing ******* ****** ** happen.  

*'* **** ********* **** the ****** ***** **** not ******* *******, **** OSDP. ********* *** **** people **** *** *** install ** ******** ** does. 

**** ****** *** *********. Also **** *** ***+.  When * ***** ***** you **** ** ******* the ****** *** *** expander. ****

***** *** ******* **** statement ** * *****?  Not **** * ****** the "**** * ***** fails *** **** ** replace *** ****** *** the ********"  ****. 

*** ***** ** *** replacement *** *** ***** as **** *** ***** away. ***** ** ******* only *** *** ***** is **** ****.

* *** *** ***.   Meaning ** *** ***** fails, *** *** **** options ** ** ******* with * ***** **** you ***** **** ********* replacement ************ ** *** other ****** ***'* ******* OSDP.    

*** *** **** *** a **** ** ******* it *** **** **** require **** *********** *** you ***** *** **** maximum ****** ** *********** per ******.

*** ******* **** ********* the ***** **** *** LP1501 ** *** ********** of ******.  ** *** originally **** *** ***** for (*) **** ******* with * *** *** DC ** **** ****, you'll **** ** ******* (2) ******'* ***** *** LP1501 **** *** *** inputs.  ****, **** *** LP1501 *** ***** *** either *** ** ***+ capable.  ** ***** ***+, that ********* *** *** output ** *** ***** to *.*** ** *** LP1501 *** ** ** the ***** ***** ***** you **** ******* ********* power *** * ***** POE ********. 

 

*'* ***** ********* ******* didn't **** *** ***** Weigand ******* ** *** we *** ***** **** the ****** *** * POE *** ******* ********.  I **** **** **** to ******* ********** *** sale ** ******** *** compatibility *****, **** ********** I **** **** *** been **** ***********.

******* *** ** ***'** only ***** *** *** the ***** **** *** need ** *** * POE+ ******** ** ******* your ****** ** *** the ***** ** *** need **** *****. 

*** ***** **** ** transition ** ***+ ** get **** ***** ** matter **** ********** *** were *****.  *** ***** doesn't ******** ******* ***+, so ***'** ***** **** the ~.*** ****** ****** you *** * ***+ power ********* ** ***** the ***** *** ***** door *********. *** ***** gives *** ~.*** ** POE *** ** ** POE+, ** ** ***** the ******* ** ******* additional ***** ** ***** in.  **** ***** *** also **** ** **** at **** ****** ************* now **** *** *****.

*** ******* ****. ******* offerings ****** ***** *** designs * ***** **** to **.  ** *** LP1501 *** * ****** instead ** * ** would ******* ****.

***** ** ******* ****...

***** *** *** ********** me.  * ****** ****. 

**** ***** ** ***** 99% *****, ***** *** vast ******** ** *****’* in *** *** ****** not ***** **** ** an **** *****.

*************** * **** **** taken *** *******, **** everything ******** *******. ** course ** **** *** else ***** ** ********. 

*** *** ******** ***** to *** **** *** habit ** ******** ************* on ***** *** **** number *** * ****** and **********. **** ** it ** * *********** for ********* ****. *********** are ***. 

*'** ******* ******* *** comment ** ****-**** *****.  When * ***** ** them ***** **** **********, the ******* *** ** immediate ***** ** **** production ** *****, ******* it ***** * '*** 2' *****.

* *** **** *** that * ****** ***** for ** *****'* **** my ****** ****** ** filled ***** **** *** no ****** ** ********** and ********** *** ** stock.....

 

**** *** **** ****** as "** ****** ********* for ********" ** ***** website:  *****://*******-********.***/******/********/****:***********/*******:******-***********/

*****,

* ***** **** ********* needs **** **********.

Why **** ** ******

****** ********** ******* ***** do *** ****** ***** own ******* ************************(*** **** *****), *** the ********* *** ***** interoperability *** **** ******* by ******* *** ******* decades.

It ****** ** ******* *** ******* & **********. Since the OSDP protocol is being used in this area. correct me if i'm wrong.

****** **** *** **** great *******.

****** *** ******** ****. Fixed!

*** *** **** ********* a ************* ******* *** 2020. ***** **** ** a ***** ****** ** ISC **** ** ****.**** **** ****, ***** Course - *********** - ISC ****

(**-**** **** ***** **** posting **** ****** ** discussed **** **** ** ISC ****.)

*'** *** **** *** A1001 ** ****** *******. 2017 ******** ******, **? Will ****** ****.

*** **** *** ****** feedback ** ********. **** vendors *** *****/***** *** tx +/- *** **** still *** ***/***** *** +12/ground. **** ***** **** proxy ** **** ***** has ***** *******. ****** is ********* * **********, I'm *** ****** ** claim **'* *** *******.

*****, ** ***** **** about ****

** * **** ***** for **** ********** **** readers/controllers *** ** *********** some **** *******?

***** ****:

*** ** **** ********* not ******** *** ********** OSDP (******** *******, *****, ********), **** will *** ** ********.

*******, **** ***** ***** claiming **** *******, *** spec ****'** ****** ** adopt ** ***** *** often *** *******. *** example, ******* ****** ****, as **** ***** **** reader (**** ****** ****** next ****), *** **** are ******** **** **.*, not '****** *******) **** v2.1.7+ **** **** ********* like ******* ******** *** HID *******.

******. *'* ****** ** find * **** ** OSDP ********* ********, *** can't ***** ******** ****. Are *** ***** ** such * **?

*** ******** ***** * pay-for-certification **** ****** '**** Verified'. *******,*** ***** '********' ******* only ******** * ***********.( ****** ******** *** from ******* ***********, ********* Data, *** ********.)

**** **** ******** *** absent, ********* *** ****** who ***** **** ******* Security (*** **** ***** by ***) **** ******** members ** *** **** development *****.

******* ** ****, * am *** ***** ** a ******* ** ****** OSDP *********** ****.

****** ****.

* ****** ** *** LinkedIn ***'* **:

***** *** **** * companies ******, ***** ** are * *********** ****** of ******* ********* **** of *** ******** ******* in *******. *** ***'* you **** **** ****** get ** ***** **** SIA ** *** *****?

**'* ** ***** ** fwd ***** *** ******* to ****** **** ****, email **:*****@****.****** * *** ****.

Read this IPVM report for free.

This article is part of IPVM's 6,746 reports, 909 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports