Evolution of Access Control Credentials: 4 Reasons to Adopt OSDP

By: Rich Lyman, Manager of Global Technology, Netronix Integration and Ivan Golian, IT Director, Netronix Integration

The security industry is no stranger to combating vulnerabilities. Whether physical or cyber threats, security professionals must always anticipate what could go wrong and have a plan already in place to respond accordingly. Open Supervised Device Protocol (OSDP), first released in 2011, is one tool available to the industry that is beginning to gain much traction for both its ease of implementation and secure encryption.

OSDP is an access control communication standard developed by the Security Industry Association (SIA) that has gained global acceptance, replacing 40-year-old Weigand protocol. While Weigand is still prevalent in some legacy security systems today, it no longer meets the needs of consumers. Weigand is simply a binary set of data without room for evolution, but end users demand more. The industry must adapt to the changing needs of consumers, and OSDP is helping to accomplish this.

1. Encryption
OSDP supports 128-bit AES encryption, making it far more secure than Weigand. This encryption protocol is required in all U.S. federal government applications, and has been adopted by the National Institute of Standards and Technology (NIST). With encryption in place beginning with the access control card, “man in the middle” hacks are practically eliminated. In addition, increased encryption measures support companies’ compliancy with privacy laws, such as GDPR. Using Weigand puts data at risk, whereas OSDP protects it, and in turn keeps sensitive information secure.
2. Interoperability
OSDP works under an open architecture, which allows for system functionality to change as needs do. This makes system maintenance more economical, and provides the flexibility to update as needs change, without a costly price tag. End users can use equipment from most manufacturers that conform to OSDP protocols, allowing for a customized solution tailored to user’s unique needs and budgets. OSDP is also on track to become an International Electrotechnical Committee (IEC) standard, the world’s leading organization that establishes international standards across electrical technologies, further expanding its reach.
3. Bi-Directional data communications and advanced Smart Card Capabilities
Unlike Weigand, OSDP provides support for bidirectional communications and advanced Smart Card Capabilities (such as PKI/FICAM and biometrics), further enhancing the security of a system. With the ability to host multiple devices on the same wire, it reduces the risk of a compromise with badge-to-reader communication. Support for smart cards further enhances flexibility, while maintaining system integrity.
4. Evolving Protocol
In a world where hackers attack every 39 seconds, it is more important than ever to not only have a secure protocol in place, but one that can evolve as needs change. SIA has a working group dedicated to the development and maintenance of OSDP so that it matures at a steady pace and remains relevant. OSDP is a living, breathing, evolving protocol, so to speak, and advances on-pace with technology.

End users are engaging in conversations surrounding physical and cyber security more than ever, and in turn are becoming more active in the decision-making process, as it relates to their security system. It is the integrator’s job to educate end users on technology and standards available to them, and this includes OSDP.

For more information on OSDP you can visit

3 Reasons to Adopt Mobile Credentials

By J. Matthew Ladd, The Protection Bureau

Over the past four years, the adoption of mobile credentials for access control has increased significantly, and is expected to account for 20% of all credentials by 2020. While it will be some time before mobile credentials replace the tried and true plastic card completely, the industry is beginning to embrace this new technology and implement it in a way that provides more secure data exchanges in the long run. In an industry where old habits die hard, it is important to examine the advantages of all possible solutions and decide what is best for you.

  • 1) Mobile credentials are less likely to get lost
    The largest security risk, as it relates to access control, is if a credential gets into the wrong hands. There is no easy way to identify when this happens, or even to track where the credential ends up. By the time a user realizes their credential is missing and reports it, it could have already been used to access secure areas. If this card is replaced with a mobile credential, the likelihood of it going missing decreases significantly. There are few daily tasks that can be completed without a cell phone. From tracking calendars, taking conference calls and checking emails on the go, a busy professional is never without their mobile device, and if they are, they typically know where they left it. The same cannot be said for a credential card. People could leave it on their desk, in their car or at home without a second thought. Try hiding someone’s cell phone versus their credential card and see which one they notice is missing first.
  • 2) Mobile credentials offer more than traditional credentials – and are more convenient
    While mobile credentials get you in the door, they have the power to accomplish so much more. Already, mobile devices have multifactor authentication built into them, with fingerprints, pins and facial recognition technology. If an access control system utilizes these built-in features, users can gain the heightened security of multifactor authentication without the need for new hardware, which can be costly and time consuming. In addition, mobile devices also have location services built into them, alleviating the need to scan an actual badge by using proximity servers to identify when a person is near a door they need access to. When juggling coffee, laptops and breakfast in the morning, the last thing an employee wants to worry about is digging around for a credential card.
  • 3) Mobile credentials can save money
    Mobile credentials already seem like the easiest choice, but the real selling point is that they can be far more cost effective than the traditional access control badge. They are easily upgradable and eliminate the cost associated with issuing a physical badge or access control card to every employee. Because employees are already using their cell phones, it makes sense to leverage the technology everyone already carries in their pockets. This is especially useful on college campuses or hotels, where key cards are replaced frequently.

Overall, mobile credentials are making a good case for themselves. From convenience, to increased security, to long-term cost savings, it simply seems like the logical direction for the industry to go. As implementation has picked up in past years, time will tell if the industry adopts mobile credentials exclusively.

Today’s Lesson: Know Your Security System

By J. Matthew Ladd

Teachers have their lesson plans and students have their homework. The goal with both is to be prepared — either for a day in the classroom for educators, or for that upcoming quiz or test for scholars.

But school districts that have recently spent thousands of dollars on security system installations — many of which were sent out from bid last year and then were put in during the summer months in time for classes to resume in September — need to educate themselves as well.

With all that the latest surveillance and access control technology offers to school security personnel, too often these systems are rushed into place to coincide with the new school year. As a result, training becomes an afterthought.

Taking the time to familiarize yourself with the features of each system means you’ll get the most out of it. While the project may have met your first day of school deadline, it’s incumbent on security personnel to spend time getting to know the inner workings of the cameras, recorders, analytics, card readers and the like.

Fortunately, you have an excellent tutor available — your integrator. We can walk you through everything you need to know about your new school security system as well as help train your staff on its nuances.

Sometimes it’s as simple as making sure all the features are completely operational: Are all the cameras turned on, are the readers working properly? In other cases, it’s sharing the capabilities of your new system with local law enforcement so they can best respond to an event at a school, should something happen.

You may also want to seek input from your integrator on setting up system rules and procedures for responding to particular types of situations so you can offer the best security coverage possible.

Today’s systems are fully featured and can provide a plethora of information before and during a crisis as well as forensically. If you do a little homework now, we can help you learn how to maximize your system.

Say Yes to Access Control: Affordable Options Have Become a Reality

By Bill Hogan
Access control is now affordable even for your smallest locations.

Whether you are running a small business office, doctors office, coffee shop or retail store, it’s important to ensure that you protect staff and assets. While for some this may mean simply locking the front door at night with a key, the introduction of new technology at a lower price points now means that every business can afford the cost of access control today.

For example, in recent years manufacturers have introduced more technologies in support of the small access control market, with systems designed for the one to four door customer. This means that for property managers they can save both time and money by implementing access control.

With a card-based system, the small business can use a proximity card and reader system that allows them to issue an access control card to employees. This can be an ideal approach for a business with multiple locations where they want someone to have access to more than one location. Using a proximity card to access the building also cuts down on re-key costs when an employee leaves.

Another cost effective option is to install a keypad system on the exterior of an office door. When an office manager enters his pin number, it can unlock the door for the day and also provide a report on the open and close times of that location. This information can be accessed remotelyby the retail manager to lock and unlock the door, for example.

In addition, with a keypad-based system the administratorof the system can issue multiple pin numbers to employees, so that each person has a unique pin. That pin number can be easily deactivated if the employee no longer works at that location.

Whichever approach you decide to take there are many access control systems from which to choose from that are technologically advanced yet affordable. Installing an access control system is s an investment worth making in your business.

Mobile Credentials: Access in a New Age

By J. Matthew Ladd

For the majority of individuals, the mobile phone is the go-to accessory. Along with car keys and nowadays, a Fitbit or some other activity tracker, a smartphone is the one thing people can’t be without.

It has already replaced the watch and the camera and is rapidly taking over for credit cards, so it stands to reason that the more that can be accomplished via the smartphone, the more efficient people will be, including using the smartphone as an access control credential. A smartphone, unlike an access card, is less likely to be forgotten at home in a purse or a pair of pants or left on the desk at work or in the dorm.

Operating much like the usual access card, a mobile credential uses Bluetooth technology to “talk” to the reader to verify and authorize a user’s credential. But the twist is that it’s the smartphone that is driving the transaction, typically using an app to receive secure information via a cloud-based server that tells the reader what to look for and, if the information is correct, validates the process.

Since this is a cloud-based operation, not a static one, the authorization code updates continually, making for an even more secure transaction.

As with any newer technology, questions do come up about the integrity of using a personal smartphone for access control. But as we’ve all seen, confidence in the cloud as a secure environment continues to grow, addressing some of the data-related concerns. Also misplaced phones, just like missing access cards, can be taken offline so someone else can’t use the credential.

What companies, schools or government agencies don’t have to deal with any longer, however, is the costly process of issuing individual cards since the information is carried on the phone, nor do card users have to go through the monotonous routine of finding and swiping a card or punching in a code.

It is estimated that there will be 196 million smartphone users in the United States in 2016. With so much intelligence residing within the phone that people carry with them all day and every day, end users are eager to add mobile credentialing to the long list of operations they can now perform.

Managing Your Access Control System: Insource or Outsource?

By Bill Hogan

Insource or Outsource? It is a question we ask about all areas of our lives from home landscaping to IT infrastructure at your business. Sometimes, we all need a little bit of help to not just get the job done, but to get it done properly.

Often, these decisions are about jobs most anyone can do, but if you are running a business, do you want to spend valuable time and training on tasks that are not your expertise?

The same can be said for managing your access control system. Depending on the scope and size of your business, an access control system can be as complicated as providing a few employees with a badge to managing the access control credentials for thousands of associates. Badging, scheduling doors, access control permissions and auditing can be daunting to people who don’t manage it every day.

Some businesses leave the daily maintenance of the access control system up to an office manager or receptionist who may not have the time or wherewithal to handle this on a regular basis. This is where Managed Access comes into play, providing end users with a managed service that can remotely handle their credentialing, scheduling and reporting processes for their access control system.

If a customer wants a Managed Access service, the security systems integrator will step in to handle all aspects of managing the system, from generating new credentials or removing access for employees who have left, to generating daily and weekly access control reports. With this approach, the regular management of the system is taken care of directly by the security systems integrator. Badges can even be sent directly to end users.

The use of managed access control systems is increasing. As company infrastructure grows, so does the ability to network locations and provide off-site services and hosting. When it comes to managing access control systems, end users now have a choice in the matter – do you have the time and expertise to manage the system on your own or should you leverage the expertise of your security company? Insource or outsource…you decide.