OSDP
an Access Control Protocol by SIA
ACCESS CONTROL
WIEGAND PROTOCOL
In the access control world we used the Wiegand protocol (invented by John
Wiegand in 1970). The communication protocol used in the Wiegand interface is
called the Wiegand protocol; it carries data from reader to controller. The
Wiegand interface is a wiring standard used for interconnecting peripherals
such as fingerprint readers, card swipers or iris recognition devices.
Initially created by HID Corporation, Wiegand devices gained popularity thanks
to the popularity of the Wiegand effect card readers of the 1980s. The Wiegand
interface is considered a de facto wiring standard for card swipe mechanisms,
especially for electronic data entry.
The Wiegand interface consists of three wires in the physical layer: the first
wire is for ground and the other two are for data transmission, known as Data
low/DATA0 and Data high/DATA1. The wires are composed of an alloy with magnetic
properties. DATA0 and DATA1 are pulled up to a high voltage when no data is
sent. When a "0" is transmitted, the DATA0 wire is pulled to a low voltage
while DATA1 stays at a high voltage. When a "1" is transmitted, DATA0 stays at
a high voltage, whereas DATA1 is pulled to a low voltage.
The most popular Wiegand format is 26-bit. Codes can be 3 bytes (Wiegand-26),
5 bytes (Wiegand-42) or even 7 bytes. Cable runs are limited to 500 feet. The
Wiegand interface is unidirectional: data is transferred in one direction only,
from the reader to the access panel. The access panel therefore waits for a
code on the line. If no code arrives, it means that there is no card near the
reader, or the reader is dead, or the line is corrupted. To solve this problem,
I asked one vendor to make new firmware for its reader, and now it sends a
"heartbeat" code every half hour.
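The DATA0/DATA1 signalling and the 26-bit code described above, as an added example that is not part of the original article: it recovers bits from sampled line levels and validates a 26-bit frame. The frame layout (leading even parity, 8-bit facility code, 16-bit card number, trailing odd parity) is the commonly used 26-bit format and is an assumption here, as are all function names and the constructed sample credential.

```python
IDLE = (1, 1)  # both lines are pulled high while nothing is sent

def bits_from_samples(samples):
    """Recover bits from (DATA0, DATA1) level samples: a low pulse on DATA0 is 0, on DATA1 is 1."""
    bits, prev = [], IDLE
    for level in samples:
        if level == (0, 0):
            raise ValueError("DATA0 and DATA1 low together: wiring fault")
        if prev == IDLE and level != IDLE:       # falling edge starts a new bit
            bits.append(0 if level[0] == 0 else 1)
        prev = level
    return bits

def encode_w26(facility, card):
    """Build a 26-bit frame (assumed layout: parity, 8-bit facility, 16-bit card, parity)."""
    data = [(facility >> i) & 1 for i in range(7, -1, -1)]
    data += [(card >> i) & 1 for i in range(15, -1, -1)]
    even = sum(data[:12]) % 2            # makes the first 13 bits sum to an even number
    odd = 1 - sum(data[12:]) % 2         # makes the last 13 bits sum to an odd number
    return [even] + data + [odd]

def decode_w26(bits):
    """Check the length and both parity bits, then return (facility, card)."""
    if len(bits) != 26:
        raise ValueError(f"expected 26 bits, got {len(bits)}")
    if sum(bits[:13]) % 2 != 0 or sum(bits[13:]) % 2 != 1:
        raise ValueError("parity error")
    facility = int("".join(map(str, bits[1:9])), 2)
    card = int("".join(map(str, bits[9:25])), 2)
    return facility, card

def to_samples(bits):
    """Constructed test input: one low sample per bit with idle samples in between."""
    samples = [IDLE]
    for b in bits:
        samples += [(0, 1) if b == 0 else (1, 0), IDLE, IDLE]
    return samples

if __name__ == "__main__":
    frame = encode_w26(facility=42, card=12345)    # constructed credential
    print(decode_w26(bits_from_samples(to_samples(frame))))
    print(bits_from_samples([IDLE] * 100))         # silence decodes to [] whatever the cause
```

Parity only catches an odd number of flipped bits in each half of the frame, and an idle line decodes to nothing whether the cause is no card, a dead reader or a cut cable.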
Given such limitations, it has become increasingly clear that for reader
technology and capabilities to progress, a bi-directional connection between
the reader and the access control system is a necessity. Some access control
and reader manufacturers have recognized this need and developed proprietary
bidirectional solutions. OSDP is a non-proprietary interface specification that
can be implemented without restriction. The protocol was originally developed
by HID Global and Mercury Security Corp. in 2008 and adopted by SIA as a
standard in 2011. SIA formed OSDP working groups, open to all members, and
subsequent contributions have been provided by those participants.
What is OSDP
Open Supervised Device Protocol (OSDP) is an access control communications
standard developed by the Security Industry Association (SIA) to improve
interoperability among access control and security products. OSDP v2.1.7 is
currently in the process of becoming a standard recognized by the American
National Standards Institute (ANSI), and OSDP is in constant refinement to
retain its industry-leading position. OSDP v2.1.7 is a communications protocol
that allows peripheral devices such as card readers and biometric readers to
interface with control panels or other security management systems. It adds
sophistication and security benefits through features such as bi-directional
communication and read/write capabilities. The OSDP standard with Secure
Channel Protocol (SCP) will support both IP communications and point-to-point
serial interfaces, such as RS-485.
BI-DIRECTIONAL COMMUNICATION
The access control industry’s move to open standards is cultivating a broad range
of interoperable products with enhanced features and security. Open standards
also ensure that solutions can be easily upgraded to support changes in
technology and applications, and give users the confidence that investments in
today’s technologies can be leveraged in the future. OSDP with SCP specification
provides bi-directional communications and security features for connecting
card readers to control panels or other security management systems.
Bi-directional communication is particularly beneficial for enabling users to
change configurations and to poll and query readers from a central system,
which reduces costs while speeding and simplifying configuration and improving
the ability to service readers.
Unlike earlier unidirectional protocols, including the Wiegand interface and the
clock-and-data signal approach used with magnetic stripe readers, OSDP enables
continuous reader status monitoring. It can also immediately indicate a failed,
missing or malfunctioning reader, as well as provide tamper detection and
indication capabilities. All signaling is done over two data lines, providing
the ability to use four-conductor cable to both power the reader and send and
receive data. This lowers installation cost compared to the 6 to 10 conductors
typically used for Wiegand.
HID Global is one of the first manufacturers to support OSDP with SCP in its reader
portfolio as part of its iCLASS SE platform. iCLASS SE platform readers with
OSDP enable central management, which lowers operational costs by making them
faster and easier to configure and service.
SYSTEM INTEGRATION
OSDP gives higher security, advanced functionality, ease of use and more
interoperability. OSDP provides continuous monitoring of reader status, and can
immediately indicate a failed, missing or malfunctioning reader. OSDP can also
provide tamper indication for readers with onboard tamper detection
capabilities. The OSDP protocol allows control panels to send messages for
display to a cardholder via a screen embedded within or connected to the
reader. The OSDP standard is particularly important for government
installations because it supports high-end AES-128 encryption (required in
federal government applications) and meets the requirements of the Federal
Identity, Credential and Access Management (FICAM) guidelines. OSDP also works
with biometrics – Wiegand does not.
SYSTEM ARCHITECTURE
Replacing legacy access control panels while maintaining operation with legacy
card readers and other field devices.
When the need arises to replace or upgrade a card access or security control panel
and if the new panel is OSDP compliant, it may be advantageous or necessary to
convert the field devices to OSDP compatibility. This normally means replacing
all readers, sensors, contacts, relays, and door control equipment to OSDP
compliant versions as well. If this is not an immediate option due to time or
cost constraints, the Cypress OSDP-1000 can provide an effective solution.
Credential Reader - Any Wiegand (Data 0 / Data 1), Strobed (Clock/Data), F/2F, or
Serial interface can be handled by the OSDP-1000 when configured in
"Reader Interface Mode". Since the format of the data is reported by
the OSDP-1000 to the new control panel as an array of bits or characters, the
panel's software must be configured to process the raw bit stream or character
string. The reader type is configured by either on-board DIP switch or via OSDP
configuration command from the panel.
Sensors, Contacts, Switches, EOL Devices - Since the OSDP-1000 is
mounted on the secure side of the door or gate, all remaining field wiring can
be terminated at the OSDP-1000. The new control panel will request data via
protocol command/response and use it to determine the status of the door
position switch, request-to-exit button, or motion detector. The OSDP-1000 has
2 supervised alarm inputs to accommodate end-of-line resistor configurations.
These can also be used as digital inputs.
Power Considerations - The OSDP-1000 does not magically create power for itself,
the reader, or door strike from the twisted pair communication wires (but we
might be working on it). The legacy panel or other power supply provided enough
power to operate the reader, sensors, and door or gate operator. If the new
control panel does not provide this power, then a suitable power supply must be
installed at the panel location or at the door or gate. The OSDP-1000 only
requires about 50 mA and accepts a wide range of voltage (7 to 24 Vdc). The
reader, door strike, and any powered end-of-line device typically dictate what
voltage to use (12 or 24 Vdc).
All Devices - As mentioned earlier,
converting all devices at the door or gate is recommended since this adds
supervision of all signals. It also sets up the site for migration to an OSDP
Control Panel in the future. Since the OSDP-1000 is mounted in a secure
enclosure not vulnerable to tamper from the un-secure side of the door or gate,
all signals can be terminated to it and supervised. The OSDP Reader has its
own polling address, as does the second OSDP-1000 module configured for
"Remote Interface Mode".
There are still many Wiegand-based legacy systems in place and, due to limited
resources, it may take time to replace them all, but the migration is underway.
Many organizations are taking a step-by-step approach replacing perimeter
readers first and moving to interior readers as funding and time allow.
Future-proof your access control strategy today. Meet Signo, the signature line
of access control readers from HID Global. In this new reader line,
performance, versatility and security meet in a sleek, modern design. HID
Signo™ Readers deliver mobile access capabilities, ensure easy migration from
Wiegand to OSDP and support the widest range of credential technology so
organizations can upgrade at their own pace.
GROW YOUR BUSINESS
Integrators can differentiate themselves from the competition by promoting open
standard protocols, which can help build new customer relationships and win
more projects by providing newfound PACS features. With OSDP only four
conductors are ever needed, two for power and two for all communication.
Wiegand does not allow for remote configuration or upgrade of a reader. OSDP enables a
customer to remotely change the configuration of a reader (i.e. security keys
or LED color) from any network-connected location.
BENEFITS OF OSDP
Compared to common low-security legacy protocols, the emerging OSDP standard offers:
Higher Security
· OSDP is more secure than the most common access control
communications protocol.
· OSDP Secure Channel supports high-end AES-128 encryption
(required in federal government applications).
· OSDP constantly monitors wiring to protect against attack
threats.
Advanced Functionality
· Supports advanced smartcard technology applications, including
PKI/FICAM and biometrics.
· Supports bi-directional communications among devices.
· OSDP supports advanced user interface, including welcome
messages and text prompts.
· OSDP’s use of 2 wires instead of 12+ allows for multi-drop
installation, supervised connections to indicate reader malfunctions, and
scalability to connect more field devices.
Ease of Use
· Audio-visual user feedback mechanisms provide a rich,
user-centric access control environment.
· Guesswork is eliminated since encryption and authentication
are predefined.
· Low cost of implementation on an embedded device.
More Interoperability
· Using OSDP enables communication among different manufacturers'
devices and solutions.
· The standard applies to peripheral devices (PDs) such as card
readers and other devices at secured access doors/gates and their control
panels (CPs).
· SIA promotes the standard at regular “plugfests” among
manufacturers and at InteropFest – an annual interoperability event held at the
ISC West tradeshow every spring in Las Vegas, Nevada.
· The OSDP specification is currently recommended when TCP/IP,
USB, or other common protocols do not lend themselves to the application.
· The OSDP specification is extensible to IP environments and
the OSDP WG is working on deploying OSDP over IP soon.
Ref:
https://ipvm.com/reports/osdp-access