Don’t Be Intimidated by OSDP
ISC East 2022 is coming up Nov. 15-17 in New York City, and the Security Industry Association (SIA) and ISC East recently revealed full conference details for the SIA Education@ISC East program, including keynote presentations from top luminaries and over 30 sessions from top industry expert speakers on the most current business trends, technologies and industry developments. Among the robust lineup of conference sessions is the presentation OSDP Installations: Getting Up to Speed on Today’s Challenges, Tools and Solutions.
In this session, Tony Diodato, founder and chief technology officer at Cypress Integration Solutions and co-chair of SIA’s Open Supervised Device Protocol (OSDP) Working Group; Tom Piston, eastern regional sales manager at Farpointe Data, Inc.; and Stephen “Shep” Sheppard, manager, key accounts/global sales at Farpointe Data, Inc.; will address the OSDP installation challenges heard most frequently and how to manage them. In this blog, Diodato provides expert insights on this critical topic and gives a sneak peek of what to expect during this session. Join us Wednesday, Nov. 16, at 3:15 p.m. to learn more!
Welcome to the Open Supervised Device Protocol.
After decades of chaos and proprietary methods of connecting peripheral devices (PD) to their access control units (ACU), OSDP is a consensus-designed specification that has emerged to ensure security, supervision and interoperability.
A primary goal was to replace the unidirectional data transmission methods (Wiegand, Strobed, Serial, etc.) with a bidirectional protocol, without incurring onerous component expense or the painful ripping and replacing of legacy equipment. Once accomplished, the benefits realized from implementing OSDP as that replacement ensure futureproof system architectures and enhanced functionality.
OSDP is a protocol capable of handling today’s access control needs; therefore, it comes with a bit of learning curve and technicians need proper training, such as SIA’s OSDP Boot Camp. It is essential technicians understand the the nuances of OSDP vs. Wiegand. For example, when an OSDP reader is powered up, its LED does not turn red until it communicates with an access control panel.
In speaking to those in the access control world, the following topics have been emerging in OSDP discussions:
Configuration
Although OSDP is just two wires, those wires are used very differently than legacy, unidirectional, unsecure and unsupervised signaling methods. Each device (PD) on the OSDP network must be configured to communicate with its controller (ACU). Although most ACUs provide a means of doing this, it is helpful to understand the process and the third-party tools available to configure and verify the polling address and baud rate (communication speed).
Unlike readers of the past that used Wiegand or other legacy signaling methods, OSDP readers come out of the box with a default speed and a default polling ID set by the manufacturer and need to be set to whatever the panel is expecting. It is helpful to configure these in a bench test setup – this can be done with a laptop with a RS-485 cable or using a dedicated OSDP COMSET tool.
Cable
Unlike Wiegand, Strobed, F/2f and other simplex card reader interfaces, an OSDP connection requires only power and twisted pair wires (four conductors). The power can be the typical pair of 18awg stranded wire but the communication needs to be true twisted pair. Some manufacturers offer a twisted pair product that is optimized for OSDP (RS-485, 9600 to 230400 baud) so if new installation is an option, they have the solution in a single jacket. If retrofitting existing wiring (Wiegand for example), keep in mind that those signaling frequencies are approximately 9600 bps and limited to less than 500 feet. So chances are good that the wire will support OSDP under those constraints. To futureproof your installation efforts, it is always best to replace the wire whenever possible.
Firmware Updates
OSDP has finally addressed this access control need! A well-defined and consistent method to update the firmware in PD is baked into the OSDP specification. The FILETRANSFER command suite allows an access controller or PACS console to securely and efficiently send new firmware to installed card readers. Before OSDP, this process required a physical visit to each card reader or peripheral device for in-the-field update using various manufacturer-specific techniques or outright replacement.
Interoperability
The goal of OSDP, beyond supervision and secure communication, is verified performance and behavior across manufacturers, eliminating the proprietary nature of most other networked card reader, display and I/O interface devices. The OSDP Verified program allows a manufacturer to apply a label indicating compliance after a third-party test service has evaluated and listed the product and its performance profiles.
Think of performance profiles like USB. A computer mouse and a camera can both be plugged into a USB port, but they have very different profiles, so when you plug them into the laptop it requires different commands. Similarly, OSDP devices require different profiles, depending on the type of peripheral device.
OSDP defines four types of profiles for OSDP devices: Basic, Secure, Smart Card and Biometric. In order to ensure interoperability amongst manufacturers, the profiles define the process of using OSDP commands to accomplish certain functions of access control and security; for instance, the startup sequence of a reader and the initialization of a newly discovered device on the network. The profiles also define the subset of OSDP commands that are necessary for each type of device class. A basic card reader does not require the full set of OSDP commands, for example.
The OSDP specification is a protocol definition, not a best practices document. It is mainly concerned with bit definitions and other LINK and TRANSPORT layer issues, rather than how it is applied. In the section on PROFILES found on the OSDP Verified products page, these are used to ensure interoperability amongst devices and manufacturers.
As a manufacturer of access control middleware, we do independent testing and encourage security professionals to do this as well. Similar to the IT world, it is a smart practice to never deploy live without testing in a lab first. In addition to independent testing, the OSDP Verified program gives a big head start to those installing and retrofitting systems to use OSDP.
Secure Channel
Perhaps the single most important feature of OSDP is the Secure Channel Session (SCS) which ensures that all business data transfers over the twisted pair are encrypted and authenticated. This eliminates the well known vulnerability of legacy card reader to control panel communications. Incidents of successful attacks of the existing legacy signaling methods are increasing and OSDP adoption is the solution.
Secure Channel is included in OSDP v2 devices, but in addition to setting the polling address and baud rate, which are necessary in order for OSDP to work, a unique encryption key is necessary to use the Secure Channel feature.
Don’t be intimidated by OSDP; the advantages far outweight the small learning curve. The hardest part is simply taking the initiative to learn the differences; those who embrace OSDP come away with a good understanding of how these things relate, and they gain expertise that is a boon to installers, their companies and their customers.
You can access the full SIA Education@ISC conference program for only $75 by registering for a SIA Education@ISC 2-Day Pass here. And don’t forget to use SIA’s free registration link to sign up for the ISC East trade show.
The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.