Imagine a world where access control products, systems and solutions work seamlessly together and can communicate securely and with ease –yes, the dream of interoperability! But is it just a dream?
The jury is still out on whether we will ever reach that true state of security nirvana, where convenience meets secure, but the industry is at least in agreement that better interoperability among manufacturers is a good thing.
We are truly entering a world of open (and hopefully secure) application programming interfaces (APIs).
In the end, access control pros want to be able to solve an end-user’s problems without having to rip-and-replace or reconfigure to a completely new system to ensure compliance with standards, and to provide for and meet the needs of the customer.
“The adoption of Open Supervised Device Protocol (OSDP) usage continues to grow year over year; however, the Wiegand devices still dominate the market,” notes Security Industry Association (SIA) Director of Standards and Technology Edison Shen. “IPVM.com polled integrators on OSDP usage in 2022, and more than 70% reported that less than 30% of their access control projects used OSDP, with almost 50% of integrators saying 9% or fewer of projects were using it.”
The silver lining, Shen points out, comes when comparing 2019 and 2022 OSDP usage, with data indicating a strong increase. “We have seen 50 separate companies and brands self-report some level of OSDP protocol support in their products, and we have seen nearly 20 companies go through the process of having their solutions third-party tested to be OSDP Verified,” he says, noting that the adoption is international, too, with companies in North America, Europe and Asia adopting it.
What is OSDP?
Open Supervised Device Protocol (OSDP) is an access control communications standard developed by SIA to improve interoperability among access control and security products. It was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5. SIA OSDP v2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020.
In terms of adoption, manufacturers including Cypress Integration Solutions, HID Global and Mercury are already on board. SIA recommends specifying OSDP for any access control installations that require higher security and/or will be used in government and other high-security settings.
OSDP is particularly valuable for government applications because it meets federal access control requirements like PKI for FICAM.
“OSDP has really hit its stride, with incredible market adoption and a lot of training – [including] our OSDP Boot Camps, which are for integrators/installing companies,” explains SIA Senior Director of Marketing Geoff Kohl. “We have seen a lot of product companies go beyond simply adopting the standard; many have taken the added step of having their products OSDP Verified by SIA, which involves SIA bench testing them to ensure compatibility. To date, roughly 130 products have become OSDP Verified, and that list is growing steadily, which means a competitive set of interoperable (and secure) products are available.”
OSDP Verified
For a manufacturer to take the added step of having particular products “OSDP Verified” by SIA, Shen says each device goes through a comprehensive list of test cases.
Once the test is complete, the independent tester reviews the results with the manufacturer and assist with a remediation plan, if needed, for non-conformance.
“We are pleased with the growth of OSDP Verified, which is currently more than 130 verified devices and 18 different brands in just three years,” Shen says. “It reaffirms our hypothesis that the market needed a differentiator between claims OSDP support and conformity assessment OSDP implementation through third-party testing. We see this trend continue as more companies make inquiries to participate in the program.”
Is True Interoperability Actually Possible?
While we may be far from the holy grail of seamless interoperability and widespread open and secure APIs, the OSDP standard is helping to create a more competitive set of interoperable (and secure) products available in the access market.
“The standard was originally designed to grant the access controller the ability to supervise the reader,” Shen explains. “This feature has now expanded to provide additional benefits, such as interoperability between different vendor devices, security through the support of high-end AES 128 encryption, advanced functionalities like file transfer, audio-visual feedback, smartcard applications and many more. We look forward to the expansion of OSDP features as the standard and technology progresses.”
Looking to the future, SIA’s OSDP Technical Subcommittee is continuing its work on the development of the standard. Shen notes that OSDP version 2.2.1 – which addresses previously identified errors – is set for release soon, adding that once version 2.2.1 is published, the subcommittee will be back to work on version 2.3 to add additional features.
Boot Camps
The OSDP Boot Camp program has been the culmination of 18 months of development through the “efforts of SIA members and companies to address the need of educating specifiers, integrators, practitioners, and manufacturers on the deployment and troubleshooting of OSDP devices,” Shen says.
SIA has hosted more than a dozen boot camps since its inception in 2018. “Even during COVID we managed to continue hosting these bootcamps (virtually),” notes SIA Director of Learning and Development Dr. Elli Reges. “Our current plan is to host at least four boot camps a year – two during ISC East and West, one hosted at SIA headquarters in Silver Spring, Md., in August, and another virtually during PSA-TEC. We also partner with organizations to host private boot camps for their staff.”
OSDP Boot Camp consists of two sessions – an interactive lecture session and a hands-on lab session. “After the boot camp, attendees will be able to confidently describe the technical principles of OSDP, summarize the advantages of OSDP over Wiegand, configure and commission OSDP devices, and troubleshoot systems with the methods and tools of debugging,” Shen explains.
“Our trainers customize the focus of the lecture portion of the course to cover the products and devices most used by the attendee audience,” Dr. Reges adds. “During the hands-on portion, participants learn how to configure and deploy OSDP devices from various vendors using prefabricated training pods. Instructors explain how to maintain and troubleshoot OSDP products in the field to ensure participants leave with a full understanding of the device lifecycle.”
To learn more about SIA’s OSDP Boot Camps, as well as a schedule and sign-up options, visit https://bit.ly/SIA-OSDP-Boot-Camp.
Increased Education Leads to Increased Adoption
SIA has also seen increased adoption of OSDP by specifying consultants, and practitioners at some very large tech companies, financial institutions and government agencies, which now spec and adopt OSDP.
“Often, these practitioners have turned to OSDP for the increased cybersecurity that it provides compared to common, older protocols like Wiegand,” Kohl explains. “But there is no doubt that we still have a long way to go. We are fortunate that OSDP has been a strong educational topic at [many industry] events.”
Adds Shen: “We will also be looking to educate specifiers and consultants on the benefits of specifying to OSDP Verified, and utilizing technicians who have gone through OSDP Boot Camp.”
Paul Ragusa is Senior Editor for Locksmith Ledger magazine, a sister publication to Security Business. Visit www.locksmithledger.com for more.