What is OSDP, really

Article is not finished yet. I plan to finish it and add more as soon as I resolve some issues.

Physical security industry is one of slowest progressing branches of technology. For various reasons tenths of years old solutions are still in widespread use. I think this may be attributed to ignorance of users. All that happens because users trust that the key or card is secure. This is often not the case. One could draw parallel between card based access technology and physical locks. Hundreds of years of history and even today well known companies are making locks with disqualifying flaws. I recommend YouTube channel LockPickingLawyer.

For over 50 years Wiegand interface is dominating market as interface between controllers and card readers. “Crude but effective” de facto standard was only common ground industry could muster. Unidirectional interface sending series of pulses over two wires. No synchronization, no data integrity, no standardized support for keypads. Over years overgrown with custom extensions again limiting compatibility between devices from different manufacturers.

I could not trace origins exactly but back then separate companies HID, Mercury security and Codebench (people who left CASI-RUSCO before or shortly after it was purchased by GE Security) decided to work on a new industry wide standard. Today both Codebench and Mercury belong to HID.

OSDP is an initialism for Open Supervised Device Protocol. There are no conformity tests. You can buy specification for 30 USD (or more) and I guess you’re free to make devices that use this protocol; no royalties. You can join SIA (organisation that takes care of OSDP) but that is not mandatory. While not perfect it is far superior to Wiegand.

Specification names two parts:

  • Peripheral device (PD)
  • Control panel (CP)

Peripheral device has following features:

  • up to 256 readers (card + keypad + bio )
  • up to 256 buzzers
  • up to 256 digital outputs
  • up to 256 LEDs per reader (65536 in total) each can have up to 4 colours (red, green, amber, blue)
  • up to 256 digital inputs
  • power fault and tamper reporting inputs
  • up to 256 8-bit ASCII character displays (up to 4 rows and 16 columns)

Peripheral device can be interrogated by panel. This way panel can learn capabilities of given device. Device can report its capacities manufacturer, model and version so it is possible to keep list of device quirks if needed. Because there is no certification process devices often don’t report capabilities properly. I found out that you can scan device by sending commands to control components. Device is supposed to reply with negative acknowledgement if parameters are out of bounds but again depending on device this happens or not …

Peripheral device is supposed to listen to incoming requests and reply to them within specific time.

Example OSDP session with Nexus reader

to be continued …

Leave a Reply

Your email address will not be published. Required fields are marked *