John Wiegand died in 1986, but the communications protocol that bears his name is still alive and well, connecting access control readers to controllers using two wires – one to transmit “zeros” and the other to transmit “ones.” The Wiegand protocol persists despite its limitations, including one-way communication, lack of encryption, and inability to manage the readers in a system centrally. In a Wiegand system, a controller provides no acknowledgement that data has been received.
Systems that still use the Wiegand protocol are performing below accepted industry standards and are vulnerable to over-the-counter exploits. A session at ISC West’s Virtual Event highlighted a replacement technology that solves those problems and expands the security, flexibility and functionality of systems. The technology is called OSDP (Open Supervised Device Protocol), which is now a standard managed by the Security Industry Association (SIA) and designated as an international standard by the International Electrotechnical Commission (IEC 60839-11-5).
Aligning three components
OSDP requires alignment of three critical components – the access control system, readers and controllers.
The access control system, readers and controllers
OSDP is an RS-485 protocol used to pass card format data from the reader to the controller. Like the Wiegand protocol, it uses two wires, but in this case one wire transmits data and the other receives data. Installation is simplified because no system needs more than four wires – two for OSDP communication and two more for power.
In contrast, using Wiegand, additional wires are needed to add other capabilities – up to 8 or more wires in all. OSDP cable runs can extend up to 4,000 ft (compared to 500 feet for Wiegand).
Therefore, unlike Wiegand, OSDP sends information in both directions and provides “supervision” of the readers. If there is a problem with a reader, such as a reader communication error or disconnect, that notification is sent back to the access control management system. OSDP also supports encryption for greater security, in effect enabling end-to-end encryption for a host system, controller, I/O modules, readers and credentials.
That notification is sent back to the access control management system
OSDP also provides additional capabilities, such as control of a reader’s LED and buzzer as well as sending text notifications and messages to compatible displays. Integrators and/or end users can also push configuration and firmware updates to readers all at once.
Because OSDP is “open,” there are more third-party integrations and standardizations. OSDP is particularly valuable for U.S. government applications because it meets federal access control requirements such as PKI for FICAM.
Best practice dictates rewiring a project using RS-485 cabling. Specific wiring requirements are needed for OSDP, including 24 gauge (AWG) stranded cables that are a shielded twisted pair with 120 Ohm impedance and overall lower capacitance. However, especially for shorter cable runs, existing wire from Wiegand installations can sometimes suffice, say if it is a cable run of less than 100 ft.
Installers should prove their competency before being deployed to an outside installation
“Installation of OSDP is not hard, just different than field technicians are used to deploying,” said Tony Diodato of Cypress Integration Solutions, one of the ISC West presenters. Therefore, training of technicians is paramount, and installers should prove their competency before being deployed to an outside installation in order to avoid problems. Integrators or installing teams should have a “lab” setup to thoroughly familiarise themselves with installation to ensure successful deployments.
Various in-line devices are available to help transition existing Wiegand applications to OSDP, even if one component or other does not support OSDP. For example, data converters enable installation of an OSDP reader with a legacy Wiegand control panel. Replacing existing devices in legacy Wiegand systems with OSDP devices and using data converters can provide some benefits of OSDP without requiring a full “rip-and-replace” installation.