OSDP FAQSHow Cypress products
can help you use OSDP
Download the OSDP vs
Wiegand fact sheet
Access our library of
OSDP industry articles
OSDP FAQHow Cypress products
can help you use OSDP
Download the OSDP vs
Wiegand fact sheet
Access our library of
OSDP industry articles
Download

Download OSDP
Product Sheet

 

The Open Supervised Device Protocol (OSDP) has replaced Wiegand as the Security Industry Association’s standard for many reasons:

 
 

OSDP v2 with Secure Channel is a true protocol with encryption and authentication for robust security.

OSDP has 2-way communication for supervision, remote maintenance and enhanced functions.

OSDP is interoperable, enabling OSDP Verified devices to work together, regardless of manufacturer.

OSDP was approved as an international standard in 2020 by the International Electrotechnical Commission (IEC 60839-11-5).

 
 

FREQUENTLY ASKED QUESTIONS

 

Q. What is OSDP? What is the meaning of the OSDP name? What do PD and ACU mean?

A. OSDP stands for Open Supervised Device Protocol. OSDP is a secure, supervised, interoperable, and highly functional protocol that has replaced Wiegand as the official access control protocol of the Security Industry Association (SIA). 

OSDP is a 2-way command-response protocol for use between a credential reader and access controller, and was designed to run over RS-485 cable. The OSDP Working Group also aims to deploy OSDP over IP in the future.

In 2020, the OSDP protocol became an international standard (IEC 60839-11-5) after attaining the approval of the International Electrotechnical Commission. 

SIA recommends broad adoption of OSDP, especially in high-security settings. 

The terms peripheral device (PD) and ACU (access control unit) are frequently used in OSDP discussions.

Q. Who owns OSDP? Who developed OSDP?

A.  The Security Industry Association (SIA) owns OSDP; it is not owned by any company. While the earliest version of OSDP was jointly developed in 2008 by HID Global, Mercury, and Lenel, ownership of the specification was transferred to SIA in 2012. 

OSDP v2 was developed by SIA and the OSDP Working Group. 

The OSDP Working Group, part of the larger SIA Standards Access Control & Identity Subcommittee, is a group of engineers, product developers, specifiers and security professionals who continue to advance OSDP.

Q. Why is Cypress committed to OSDP? Why should I use OSDP?

A.  Cypress is committed to OSDP due to the longtime need for a capable Wiegand replacement. Cypress Founder and CTO Tony Diodato spent years engineering solutions to address the many shortcomings of Wiegand: Wiegand’s lack of supervision, its distance limitations, its installation requirements, and its overall lack of features. Wiegand brought order to the early “Wild West” days of access control but did not keep up with industry needs. 

Tony’s firsthand insights led him to become a proponent of the OSDP protocol and a contributor to the OSDP Working Group. In 2019, Tony was named co-chair of the OSDP Working Group, alongside Steve Rogers of IQ Devices. Cypress also develops OSDP solutions such as the first OSDP-Wiegand Converter on the market, the pluggable OSDP Hub for testing, the OSDP In-Panel Interface, the Embedded OSDP Module that allows reader manufacturers to support OSDP, and other OSDP devices (link to OSDP products page).

Download the free fact sheet, “Why use OSDP instead of Wiegand?” 

Q. What is the difference between OSDP v1 and OSDP v2?

A.  OSDP v1 refers to the initial OSDP protocol, which was privately developed before rights to the specification

were transferred to SIA. All OSDP iterations starting with v2 were developed under SIA’s guidance by the OSDP Working Group, and include Secure Channel encryption plus features such as support for biometric readers. 

All products with the OSDP Verified mark, which signifies that the products have met SIA’s independent conformance testing requirements, use OSDP v2. Since OSDP v1 products are now difficult to source, the more relevant issue is choosing an OSDP Verified product. 

Q. What is OSDP Verified certification?

A. A product that is OSDP Verified has passed independent conformance testing. SIA founded the OSDP Verified program in 2020 to validate devices conforming to the SIA Open Supervised Device Protocol (OSDP) standard and related performance profiles. 

See also: OSDP & interoperability.

Q. Is OSDP more secure than Wiegand?

A. Yes, OSDP is much more secure than Wiegand. OSDP with Secure Channel communication uses AES-128 encryption and authentication to prevent “eavesdropping” on the data connection. With OSDP, data is encrypted and is never transmitted the same way twice, making it virtually impossible to listen in on the connection.

Wiegand, however, sends data from the reader to the controller without encrypting the data, and without any way to ensure only the intended parties are communicating. In addition, a Wiegand system cannot detect reader malfunctions or vandalism, since Wiegand lacks 2-way communication and supervision.

The Security Industry Association (SIA) recommends broad adoption of OSDP, especially in high-security and government settings. OSDP meets federal access control requirements, such as PKI for FICAM.

See also: Wiegand vulnerability, OSDP encryption, Secure credentials or OSDP, Secure Channel & keys and OSDP supervision.

Q. What is the Wiegand vulnerability? Does the vulnerability affect OSDP?

A. The Wiegand interface is notoriously vulnerable to man-in-the-middle attacks. The vulnerability is due to the lack of encryption and authentication in the Wiegand specification, which was developed in the 1970s, before hacking technology became smaller, cheaper, easily available, and before information was readily available online.

With the Wiegand interface, data sent from the reader to the controller is transmitted “in the clear” without any way to conceal the data from threat actors. In less than one minute, an attack can be launched at the reader, allowing credential data to be skimmed to spoof the system, open access doors or gates, and deny access to legitimate credential holders.

The entire attack can be carried out without the Wiegand reader ever going offline and without the control panel receiving any notification, since Wiegand also lacks supervision. 

OSDP is not subject to the Wiegand vulnerability, thanks to its encryption, authentication, and supervision.

Q. Is OSDP encrypted? Is Wiegand encrypted?

A. OSDP v2 with Secure Channel has an AES-128 encryption and authentication scheme with initialization messages and keys, to ensure communication takes place strictly between intended parties and to hide the data exchanged between the reader and the controller. Wiegand, the previous de facto access control standard, is an interface without encryption, authentication or supervision.

See also: Is OSDP secure?

Q. What is Secure Channel? What does SCBK mean? How do I load keys?

A. OSDP v2 with Secure Channel has an AES-128 encryption and authentication scheme with initialization messages and keys, to ensure communication takes place strictly between intended parties and to hide the data exchanged between the reader and the controller. The keys are 128 bits (or 16 bytes) as dictated by AES-128 encryption. 

All OSDP devices have a known default Secure Channel Base Key (SCBK), per the OSDP spec. The SCBK is a key shared by the peripheral device / reader and the controller, which is used once to initiate the encryption. The SCBK allows the panel to send a challenge command (vital information that the peripheral device can use to begin the “handshake” process and initiate a Secure Channel session). Note that OSDP security is not limited to the Secure Channel Base Key; the SCBK is used just once at the start of the session before special session keys are generated and used to encrypt the OSDP data.

An important part of setting up an OSDP installation is properly configuring the SCBK in the controller and the reader or peripheral device. Each reader should have its own, unique SCBK. The SCBK should be loaded into the reader out-of-band, meaning the reader is directly connected to the controller over a few feet of wire and not connected to the OSDP network.

Q. If the reader is already secure, why do I need OSDP?

A. A secure reader protects data exchanged between the credential and reader, but the reader cannot protect data as it travels to the access controller.

Securely transmitting access control data is a 2-part process: think of the data as a letter that is first taken to the post office, before the letter is loaded on a truck for delivery. 

After data is sent from the credential to the reader, the data is then sent from the reader to the controller. In high security areas, it is critical to secure data at both points: at the credential-to-reader connection, and the reader-to-panel connection.

OSDP’s encryption, authentication and supervision protects the data between the reader and the controller; Wiegand does not protect the data.

Q. Does OSDP communicate differently than Wiegand? Why does it matter?

A. Since Wiegand is a simple 1-way interface, the reader sends out data to the controller, without any assurance that the data reaches the controller, and the controller has no way to supervise the connection. OSDP, however, is a 2-way (bi-directional) protocol, which allows the end devices to have a conversation.

OSDP is a command-response protocol: The panel issues commands to the reader and the reader responds with updates such as credential data, or the I/O states of LEDs, buzzers, or tamper. 

The 2-way communication (and other aspects of OSDP) allows for much greater functionality than Wiegand. For example, OSDP supports a file transfer feature for remote updates, allowing configuration and firmware update files to be sent from the panel, instead of requiring a technician to physically remove each reader from the wall.

Q. Why is OSDP supervision important? Does Wiegand have supervision?

A. OSDP has 2-way communication to supervise and constantly monitor the connection to alert the controller if the reader is tampered with, malfunctions, or loses power. Since Wiegand is a simple interface with 1-way communication, there is no way of knowing if the controller has lost contact with the reader. 

Q. Are there other OSDP-Wiegand differences? How does OSDP compare to Wiegand in terms of functionality?

A. OSDP is much more advanced and functional than Wiegand. For example:

  • OSDP supports protocol messages for commands such as turning on an LED; Wiegand requires I/O wires
  • OSDP supports a file transfer feature for remote updates, allowing configuration and firmware update files to be sent from the panel, instead of requiring a technician to physically remove each reader from the wall
  • OSDP supports 1024 bits of credential data to accommodate larger formats; Wiegand data formats are usually 200 bits or less
  • OSDP supports a variety of baud rates to best suit a network, allowing many readers or longer cable runs, for example
  • Biometrics: OSDP biometric readers can be installed similar to any OSDP reader using 2-wire RS-485; no Ethernet or PoE connection is required, and functionality/data is handled with specific OSDP protocol messages, thanks to 2-way data and greater bandwidth than Wiegand

Q. Can I use OSDP devices from different manufacturers? Can all OSDP Verified devices be mixed & matched?

A.  The OSDP protocol was designed to enable interoperability between devices from different manufacturers. This is why OSDP is recommended as a replacement for proprietary RS-485 protocols which may be more secure than Wiegand, but cannot be mixed with devices from other manufacturers to best suit the application.

SIA implemented the OSDP Verified program to ensure devices are tested and meet critieria for the standard and the listed profiles. SIA notes that there are still design considerations that an implementer must account for when deploying a SIA OSDP system.

Q. Why use OSDP instead of Wiegand?

A. The Open Supervised Device Protocol (OSDP) has replaced Wiegand as the Security Industry Association's standard for many reasons. For example:

  • OSDP v2 with Secure Channel is a true protocol with encryption and authentication for robust security, while Wiegand lacks encryption and authentication
  • OSDP has 2-way communication for supervision, remote maintenance and enhanced functions, while Wiegand is a simple 1-way interface without supervision or OSDP’s functionality
  • OSDP is designed for interoperability
  • OSDP was approved as an international standard in 2020 by the International Electrotechnical Commission (IEC 60839-11-5)

For an expanded list of differences between Wiegand and OSDP, download the free OSDP v Wiegand fact sheet.

Q. Is it possible to retrofit a Wiegand system to use OSDP in a phased installation?

A. Yes, a Wiegand system may be retrofitted to use OSDP. A common strategy is to first identify high-security access points to install OSDP readers, along with converters to allow the OSDP reader to interface with the Wiegand panel. Cypress offers the OSM-1000 or the OSM-CPI OSDP-Wiegand converters for use at the panel to secure the cable run with OSDP Secure Channel. More OSDP readers and an OSDP panel can be added in later phases.

Q. Do you need special OSDP RS-485 cable to install an OSDP system?

A. The short answer: It depends. Generally when we speak with customers retrofitting a Wiegand panel with an OSDP reader plus our converter, they can reuse existing cable, since the distance is generally less than 500 feet. The farther the cable run, the more suitable the cable needs to be to the needs of OSDP (RS-485). OSDP-specific cable will do the job very well though, and is especially worth considering for a new installation with longer cable runs between readers and the controller. 

Q. How far from an OSDP panel can I install an OSDP reader? Does OSDP allow for multi-drop installations?

A. OSDP allows readers & other peripheral devices to be installed up to 4,000 ft. from the controller, a big improvement over the 500 ft. distance at which Wiegand generally drops off. OSDP also supports multi-drop installations. One length of 2-conductor cable can be daisy-chained to accommodate many readers connected to a single controller. With Wiegand, each reader/peripheral device must be wired all the way to the panel. 

See also: OSDP wiring.

Q. Is there a learning curve with OSDP? If so, where can I find OSDP training?

A. Yes, there is a minimal learning curve with OSDP, as with any new technology. While installing OSDP is different than installing Wiegand, top integrators have found it worthwhile to ensure their companies are well versed in OSDP. SIA offers OSDP Boot Camps, which are instructor-led, hands-on training in OSDP design, configuration and implementation. ASIS CPE credits may now be earned by attending an OSDP Boot Camp. 

Q. How do I find reputable OSDP devices? Is there an OSDP testing process?

A. The Security Industry Association implemented the OSDP Verified program to ensure devices are tested and meet critieria for the standard and listed profiles. For manufacturers internally testing products with other OSDP devices, as well as integrators and security professionals lab-testing OSDP systems, Cypress offers the OSM-HUB test tool to streamline the process. The Hub allows devices to be plugged into ports, instead of wiring devices using a busbar, terminal blocks or wire nuts. 

 
 

OSDP industry articles

 
 

OSDP Offers Encryption Prescription: Why It’s Better Than Wiegand

Security Sales & Integration

 

“Combined with modern credentials, OSDP provides a way for secure end-to-end deployments with lower installation and operational costs.” Read more …

 

Access Control Benefits: SIA OSDP vs. Legacy Card Systems

Total Security Advisor

 

“Consider the communications technology approach that will future-proof your system’s performance and security. While some access control systems leverage legacy technology like Wiegand, the most modern, advanced systems are powered by Open Supervised Device Protocol (OSDP).” Read more …

 

10 Steps: How to Set up Your Integration Business for OSDP Success

Security Sales & Integration

 

“Widespread adoption of OSDP, an access control communications standard, is long overdue. Fortunately, the barriers for entry are low.” Read more …

 

Popular Access Control

Security Today

 

“If your new system leverages the Security Industry Association’s (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices, whether using mobile or a card… OSDP is not in the same ballpark with Wiegand; it is in a different sport and country.” Read more …

 

The Quest for Electronic Access Control Best Practices

Security Sales & Integration

 

“OSDP basically is encrypted EAC communication using the popular RS-485 footprint. In comparison, OSDP provides reader-to-controller encryption and two-way communications while Wiegand has no encryption or two-way communications…OSDP is obviously the winner for today’s secure EAC communications.” Read more …

 

On-Ramp to the Cloud: Upgrading Physical Access Control with OSDP

Security Sales & Integration

 

“A key specification in the journey to the Cloud is the Open Supervised Device Protocol, which improves security while adding real-world efficiencies.” Read more …

 

SIA Names New Director of Standards and Technology

SecurityIndustry.org

 

The Security Industry Association (SIA) has named Edison Shen as its new director of standards and technology… Read more …

 

OSDP & Identity Conversation with Doug OGorden & Salvatore D'Agostino (audio)

FindBiometrics.com

 

“In the OSDP Verified program, we have the world’s leading experts on OSDP. People who come into the program benefit from literally a hundred man years of knowledge on OSDP. Every development team we’ve interacted with has benefited from going through the verification program” Read more …

 

There is a Hole in the Boat: Why Access Control Professionals Need to Move from Wiegand to OSDP

SecurityIndustry.org

 

For less than $100, anyone can go online and purchase a device known as an ESP Key. Bad actors can easily take a card reader off the wall and install this postage stamp-sized device on the existing wiring to “sniff” the data that is being transmitted across it. This sensitive data and the vulnerable way it is being transmitted requires attention… Read more …

 

Why OSDP?

YouTube

Paige DataCom Solutions

 

Do you want to be known as the integrator that told your customer to use an old technology that created a vulnerability? OSDP is secure, has 2-way communication, allows readers to be supervised, and can be used to support everything at a door.… Read more …

 

OSDP Conversation with Doug OGorden & Tony Diodato, Cypress Founder & CTO (audio)

FindBiometrics.com

 

In this special episode of the ID Talk Podcast, FindBiometrics’ Doug OGorden speaks with Tony Diodato, co-chair of the Security Industry Association’s OSDP working group and owner and CTO of Cypress Integration Systems… Read more …

 

Cypress Sees OSDP Heading into Growth Phase

SecIndGroup.com

 

SIA’s Open Supervised Device Protocol is quickly becoming the minimum entry requirement for readers in the security industry today. OSDP is expected to be a core requirement for any reader in serious future security projects to protect the customer’s investment because of its higher level of security and potentially being an open industry standard for communication of access readers with access control systems and other management systems.… Read more …

 

5 Reasons Security Integrators Should be Implementing OSDP

FarpointeData.com

 

By employing RS-485 serial communications, OSDP offers important installation benefits. Dedicated homerun wiring (or point-to-point) is no longer required from the access control panel to each individual reader… Read more …

 

OSDP Takes the Next Big Step

SecurityInfoWatch.com

 

Far too often, your customers are forced to make tradeoffs between security and ease of use. As a general rule, the more secure a solution is, the more time is required to establish security protocols.

Access control using the Security Industry Association (SIA) Open Supervised Device Protocol (OSDP) standard is one of those exceptions where security is baked into the solution, providing customers with the security that they require and providing the integrator community with ease of deployment and maintenance capabilities far beyond those of traditional Wiegand access control deployments. Read more …

 

Exceeding Standards Within Access Control

Security Systems News

 

Knowing that access control is one of the key elements in putting together a comprehensive security plan, it is imperative that standards are continually enhanced to give end users peace of mind knowing that their facilities are safe and secure.

To that end, the Security Industry Association (SIA) Working Group has developed and maintained the Open Supervised Device Protocol (OSDP) since 2011. Read more …

 

ISC West Virtual Session Highlights Promise of OSDP to Replace Wiegand

Security Informed

 
Systems that still use the Wiegand protocol are performing below accepted industry standards and are vulnerable to over-the-counter exploits. A session at ISC West’s Virtual Event highlighted a replacement technology that solves those problems and expands the security, flexibility and functionality of systems. Read more
 

The Promise of OSDP: New Implementation and Retrofits

ISC West 2020 Virtual Event

 
The security and efficiency of many access control systems is sub-par and vulnerable to exploits, but adoption of SIA’s #OSDP standard brings enhanced security, flexibility & choices in an access control partner. This ISC West recorded session looks at how OSDP solves legacy vulnerability, and delivers increased security, functionality and interoperability, and reviews implementation and retrofits with Jeremy Fromm of Mercury Security and Tony Diodato of Cypress.
 

Hacked in 60 Seconds: How Legacy Wiegand Exposes Modern Access Control

ISC West 2020 Virtual Event

 
Why use the most advanced readers and credentials in an access control system only to introduce a vulnerability at the connection?
In this ISC West recorded session, see how easily the Wiegand connection can be hacked and learn how SIA’s OSDP standard secures the connection in this session featuring ethical hacker Babak Javadi and format/protocol expert Tony Diodato, co-chair of the SIA OSDP Working Group.
 

Cypress among first to announce OSDP Verified solution

Cypress / Security Industry Association

 
Cypress is among the first group of manufacturers with a product that has successfully completed the OSDP Verified independent conformance testing, with the OSM-1000 OSDP-Wiegand Converter. The verification program is a milestone for the industry, says Tony Diodato, Cypress founder and Chief Technology Officer. See the current list of OSDP Verified products here. See the Cypress announcement here.
 

The OSDP Standard

Inside Access Control

 

OSDP is a protocol that the Security Industry Association developed, and one that’s taking the industry by storm. In this episode of Inside Access Control, Lee Odess sits down with Salvatore D’Agostino, CEO of IDmachines and Co-Founder of OpenConsent, to talk about the new communication standard.

 

SIA open protocol approved as international standard

Security Systems News

 
“This is really exciting for the industry,” Anthony Diodato, co-chair of SIA’s OSDP Working Group and founder, CTO at Cypress Integration Systems, said in the announcement. “While the process may have been long, the industry can finally point to an international standard that brings higher security and greater functionality to new and legacy access control solutions.” … . Read more.
 

OSDP Receives IEC approval

Security Matters

 

What it took to develop the OSDP protocol (podcast with host Andrew Lanning, Salvatore D’Agostino of IDmachines, and Rodney Thayer of 
Smithee Solutions) 

 

OSDP: The future of access control

Security

 
It’s easy to see why the Open Supervised Device Protocol (OSDP), has become the security industry’s gold standard for access control installations. It enhances security, adds flexibility and makes systems easy to update and integrate with other devices. … (Read more)
 

OSDP-to-legacy Wiegand panel converter simplifies adoption of SIA’s OSDP standard

Security Info Watch

 
Installed inside the panel, the OSM-CPI is a dedicated OSDP-to-legacy Wiegand control panel interface that securely connects the panel with an OSDP reader … Read more
 

State of the Market 2020: Access Control

SDM Magazine

 
 

Defending Physical Security Devices from Hackers

Security Info Watch

 
 

The Advantages of OSDP

Hi-Tech Security Solutions Magazine

 
 

Migrating Access Control to a Secure Future

Security Info Watch

 
The latest OSDP specification offers tremendous efficiencies which can be captured in Return on Investment (RoI) scenarios… Read more.
 

What is OSDP?

PCSCsecurity.com

 
OSDP is best explained in contrast to the Wiegand interface protocol that it is quickly replacing. A wiring standard which arose from the popularity… Read more.
 

A Gold Standard for Access Control Installations

Security Informed

 
Today’s security industry technology standards create a common framework for achieving predictable performance. Systems are made… Read more
 

Experts: Access Control Tech to Continue to Evolve in 2019

Security Info Watch

 
When some technologists assess the state of the physical access control industry, they look at it through the same eyes as a teenager might… Read more
 

Tech Trends: The OSDP Awareness Campaign

Security Info Watch

 
At the recent CONSULT conference in Nashville, I had the opportunity to sit in on a lively discussion on the use of the Security Industry Association… Read more
 

Intransigence at the Card Reader Door

Security Info Watch

 
The Internet is replete with information on how to “hack” Wiegand communication and many types of access cards. One Security By Design, Inc. client… Read more
 

OSDP access control spec delivers interoperability

SecureID News

 
…  Assigned to SIA in 2012 in order to promote its openness and enable the specification to evolve with input from the entire industry, SIA OSDP has a number of advantages over other security protocols … Read more
 

How Are Standards Changing Physical Security?

Security Informed

 
 

Tiny Hacking Device Lets Anyone Into Your Office

Yahoo Finance

 
 

OSDP Benefits Forward-Thinking Campus Environments

Campus Security & Life Safety

 
 

Security Systems Integrators are Missing the Boat on Interoperability

Security Sales & Integration

 
Access control credentials range from magnetic stripe to 125kHz proximity credentials that output an identifier and do not provide… Read more.
 

Specifying Hacking-Resistant Access Control

The Construction Specifier

 

Why use

OSDP

instead of Wiegand?

Download the fact sheet here
Slide background

Please use email if at all possible and include a phone number if a return call is preferred.

Please be safe and remain aware of the risks.

If your inquiry is not urgent please leave a message and it will be handled as quickly as possible.

Please share this will any and all that you deem may need to know.

Presales, service and support will be available M-F from 9am - 6pm EST.

Emails to solutions@cyprx.com will be addressed in a timely manner and calls to +1.810.245.2300 will be returned if you leave a detailed email with your name and return phone number.

To valued partners,

As Covid-19 continues to create challenges for personal health and business continuity we have decided to take a brief pause from our manufacturing operations until next Wednesday April 8, 2020.

Slide background

Please use email if at all possible and include a phone number if a return call is preferred.

Please be safe and remain aware of the risks.

If your inquiry is not urgent please leave a message and it will be handled as quickly as possible.

Please share this will any and all that you deem may need to know.

Presales, service and support will be available M-F from 9am - 6pm EST.

Emails to solutions@cyprx.com will be addressed in a timely manner and calls to +1.810.245.2300 will be returned if you leave a detailed email with your name and return phone number.

To valued partners,

As Covid-19 continues to create challenges for personal health and business continuity we have decided to take a brief pause from our manufacturing operations until next Wednesday April 8, 2020.