The world is not the same as it was pre-COVID-19, businesses included.

“The complexion of the work environment has changed dramatically due to the pandemic,” says Jody Ross, vice president of sales, AMAG Technology, Hawthorne, Calif. “Many organizations have shifted from large office spaces to more hoteling-like scenarios.”

And, with the rise of hybrid work and a come-when-you-want office model, workers past and present are now digging their keycards and badges out of their wallets. However, loose credentials are a security risk. And, they carry more germs, which is risky when trying to make a safe return to office. Frictionless solutions also keep workers productive.

“The more frictionless experience customers have or occupants of a building have in accessing a building, the more productive they are, the more time they save,” says Sheeladitya Karmakar, global offering leader, enterprise security, Honeywell Building Technologies, Atlanta.

This frictionless experience is becoming more common in buildings looking to revamp their readers, with mobile credentials taking the lead.

“The right mobile credential can provide tremendous opportunities to enhance the user experience for integrators, their customers, and individual users alike,” says Scott Lindley, vice president and general manager, Farpointe Data, San Jose, Calif. “Integrators appreciate when the order process for mobile credentials is identical to what they’ve been used to for years with physical credentials.”


Trends in Readers & Credentials

Despite mobile credentials becoming more popular, the move away from keycards has had some slow adoption.

“The adoption of using a smartphone has been slow, since using traditional passive credentials systems are cheaper and simpler for tap-and go-access for the user, versus waiting for an app on the phone to authenticate,” says David Ito, project manager, Camden Door Controls, Ontario, Canada.

Although still used, 125kHz proximity cards are on the way out, according to the experts, since they’re easy to replicate.

“Providing credentials and keeping them updated could be challenging,” Ross says. “That is why companies have started to shift towards using mobile devices for credential management. Permissions and administration can be done remotely, keeping the credentials up to date at all times.”

The digital revolution has also increased the desire for mobile credentials and touchless, frictionless access.

“As everything we touch becomes digital, and we rely on our mobile devices for more and more of our everyday activities, seamless access is becoming more of an expectation than an aspiration,” says Jake Fergerstrom, product manager, readers and credentials portfolio, Allegion, Carmel, Ind.

Additionally, mobile credentials are on the rise simply because it’s difficult to lose something you have on your person at all times.

“Given the choice, most users would prefer the use of mobile technology over a physical device, so providing options and driving awareness is key,” says James Reno, vice president, commercial sales, Alarm.com, McLean, Va.


OSDP Versus Wiegand

Tony Diodato headshot
OSDP


From fobs to fingerprints, access control credential and reader technologies are continually improving. To effectively secure an access control system, though, each component requires evaluation.

While the invisible connection between the reader and controller is equally critical to security, countless credential readers are still communicating through Wiegand — a technology that hasn’t been updated since Wiegand became a widely accepted access control interface back in the 1980s and ’90s.

Wiegand was fine for readers and panels several decades ago, but today’s readers and panels have become more sophisticated. Meanwhile, the technology to hack Wiegand connections has become cheap and readily available, which means an access control system can quickly be compromised from outside an entrance.

Fortunately, the Security Industry Association has spearheaded development of Wiegand’s replacement over the past decade. The Open Supervised Device Protocol (OSDP), a protocol  that typically utilizes an RS-485 interface, is now an internationally accepted standard. Here’s why we recommend OSDP over Wiegand/proprietary protocols:


Security:

  • OSDP v2 with Secure Channel has AES-128 encryption and authentication: Data is encrypted and never transmitted the same way twice, making it virtually impossible to eavesdrop on the connection, preventing stolen data, credential cloning, and unauthorized access.
  • OSDP’s bidirectional communication enables supervision: Panels are alerted if readers lose power, malfunction, or are vandalized.
  • OSDP meets federal access control requirements (PKI/FICAM).


Interoperability

  • OSDP was designed for mixing and matching of OSDP devices to best suit the application.


Functionality:

  • OSDP’s bidirectional communication enables a two-way conversation between the reader and panel. Wiegand, a simple interface, moves data in one direction.
  • OSDP supports standard reader I/O signals as protocol messages, instead of requiring physical wires or I/O lines. For example, the panel can send a command to the reader to turn on the green LED for 5 seconds, then turn it off — with just a single command. Wiegand requires individual I/O wires to control each of the reader’s LEDs.
  •     OSDP supports 1024 bits of credential data, allowing more data to be transferred; Wiegand data formats are usually 200 bits or less.
  • OSDP biometric readers can be installed similar to any OSDP reader using two-wire RS-485; no Ethernet or PoE connection is required. Biometric data is handled with specific OSDP protocol messages.
  • Since OSDP supports a variety of communication baud rates it can be fine-tuned to a network’s needs, accommodating many readers or longer cable runs.


Cost-effectiveness:

  • OSDP was designed to support multi-drop installations, reducing cable use.
  • OSDP supports the file transfer feature, allowing the controller to send a file to the reader to upgrade firmware or configure the device without rolling trucks to each device.
  • OSDP readers and peripheral devices can be installed up to 4,000 feet from an OSDP controller, reducing the number of controllers required. Wiegand is generally limited to 500 feet.
  • OSDP readers are addressable and can connect to the same OSDP port on the panel, allowing panels to support more readers (check with your panel manufacturer).


Industry support:

  • OSDP was approved in 2020 by the International Electrotechnical Commission (IEC 60839-11-5) as an international access control standard. OSDP has also officially replaced Wiegand as SIA’s access control standard.
  • While OSDP was originally developed by companies such as HID, Mercury and Lenel, the rights to the protocol were donated to the Security Industry Association. Under SIA’s guidance, OSDP v2 was developed by representatives from many security companies.
  • OSDP continues to be advanced by SIA’s OSDP Working Group, part of the larger SIA Standards Access Control & Identity Subcommittee, which is a group of engineers, product developers, specifiers and security professionals. SIA welcomes involvement in the OSDP Working group.

SIA encourages broad adoption of OSDP, and recommends specifying OSDP “for any access control installations that require real security and/or will be used in government and other higher-security settings.”

When access needs to be secure, migrating to the OSDP protocol is as critical as using secure credentials, readers and panels, since the access control chain is only as strong as its weakest link.  — Tony Diodato is the founder and chief technology officer of Cypress Integration Solutions, and currently serves as the co-chair of the Security Industry Association’s OSDP Working Group. Here, he explains the benefits of OSDP versus Wiegand, which he previously discussed with SDM


Mobile credentials come with many added benefits for users.

“First and most obviously, they are right on your phone, so you no longer need to juggle or remember a physical card or fob,” says Mike Green, product manager, BlueDiamond ecosystem, LenelS2, Pittsford, N.Y. “But beyond that, they are highly customizable and can enable things like hands-free entry based on user-programmable proximity, shake-to-open for entries with turnstiles and more. Mobile credentials are also much simpler to provision, de-provision and manage, making them a boon for users and security or building personnel alike.”

Mobile credentials are also revolutionizing safety in office buildings.

“The market was starting to slowly transition to Bluetooth readers and mobile technology before the pandemic, but now security teams are finding the budget and prioritizing the upgrade,” Ross says. “The pandemic has shown the need for touchless solutions once in the office, and for solutions that require remote setup for employees who continue to primarily work from home.”

Mobile credentials are also reducing the hardware footprint around the door, making access control more accessible for businesses.

“Mobile technologies are poised to disrupt and provide better paths for adoption and technology refresh,” Reno says.


Allegion card reader

Physical credentials, like keycards and keyfobs, still have a place in access control despite the rise of mobile credentials. // IMAGE COURTESY OF ALLEGION


The End of Keycards & Fobs?

With all the talk about the benefits of mobile credentials, keycards and fobs must be on the way out, right? It’s a mixed bag, according to those interviewed. Some believe that both near field communication (NFC) keycards and fobs will be used in tandem with mobile credentials.

“I don’t believe the widespread use of mobile credentials will signal the death of cards and fobs,” says Lindley of Farpointe. “While we can do a great job of educating users to alleviate any perceived fears of going mobile, there will always be some who don’t want access control functionality on their phones. It’s not an either/or scenario, as integrators today can offer seamless mobile solutions — for proximity or contactless smartcard installations — that give access control administrators the ability to have both mobile and physical credentials within the same system.”

Fergerstrom of Allegion adds, “There are several challenges that mobile credentials need to solve for before we expect to see mass adoption across the industry. Opportunities for improvement include consistency in the user experience, cross-platform functionality, and the need for a physical identification badge in many sectors, among others. We do, however, expect to see shifts in the mix of our plastic credential business over the long term in favor of our mobile Bluetooth and NFC credentials.”

Some believe that keycards will endure.

“Not only will physical cards endure, but there will be more choices for producing them,” says Jim Dearing, solutions manager of physical access control, HID Global, Austin, Texas. “The latest inkjet printers for industrial card personalization deliver better quality at lower cost than ribbon-based technology, along with easier deployment, upgrades, and maintenance than possible with large central issuance machines. There are also new ways to issue and personalize ID cards. Cloud-based issuance platforms enable remote management of all card design, encoding to printing.”

Others believe in full obsolescence.

“I don’t know the exact timeline when [keycards] will become obsolete, but we are seeing a lot of requests from multiple customers, especially enterprise customers who are are shifting toward mobile credentials,” says Karmakar of Honeywell.

Brach Bengtzen, director of marketing at ProdataKey, Draper, Utah, adds, “I think that one of the big reasons why physical credentials are still out there is because people are used to what has always been working.”


Cyber Hardening Readers & Credentials

Despite their ease of use, readers and credentials face the same cyber problems as other devices in the industry.

“Any reader tied to the internet, including Wi-Fi, is vulnerable to the same issues of other IoT devices and must follow current network security protocols,” Ito of Camden Door Control says. “Closed network readers using BLE or UWB are more isolated from being hacked.”

Having unencrypted mobile credentials is just as risky as having easy-to-replicate prox cards.

“Unencrypted credentials can be easily cloned and copied, so using encrypted credentials, like mobile credentials or MIFARE DESFire cards, can help bolster your security,” James Segil, vice president of access control at Motorola Solutions, Chicago. “Your system is only as secure as the weakest link.”

The adoption of the Open Supervised Device Protocol (OSDP) has allowed readers to be more cybersecure (see “OSDP Versus Wiegand” sidebar). Dearing says upgrading to essential security features like secure messaging, mutual authentication and a random unique identifier (UID) can also better protect user privacy.

“These features can also help mitigate the chances of more complicated attacks such as man-in-the-middle attacks,” he adds.

PDK PoE

ProdataKey (PDK)’s PoE++ Module Kit is an expansion module that equips any pdk Red high-security door controller with PoE. When plugged into the controller’s board, the PoE++ Module powers the board itself and all the electrified hardware connected to it. The result is simplified installation and reduced cable runs that deliver savings on both labor and materials. // IMAGE COURTESY OF PRODATAKEY


Bluetooth & Beyond

Many believe that mobile credentials and readers will be integrated with other capabilities, like time and attendance, wellness checks, emergency response, smoke or CO2 detection, video integration, built-in microphone and tailgating detection, just to name a few.

“The simple piece of plastic on the wall will become the first-impression experience in any smart space,” Sczygiel of Brivo predicts.

Additionally, expect improvements to the technology, including less latency when using, leveraging more powerful processors in new smartphones. The positive experience for occupants, and the security for administrators, will justify the higher installation costs. “Readers and credentials will play a key role in driving many significant trends, from digitization to cloud-based identity management to mobile credentials that are part of increasingly integrated systems,” Dearing says. “Readers and credentials will also continue to be integral elements of enabling contactless building access and more frictionless access experiences, helping people safely return to work, school and other activities.”

And, expect a stronger bond between physical security and cybersecurity, even more multi-factor authentication in readers, including biometric authentication, and an emphasis on readers that connect to touchless solutions.

“As we see mobile grow, will there even be a reader on the wall next to each door anymore? We will have that answer before long.” Fergerstrom says.


Sidebar 1

OSDP.jpg

Tony Diodato Headhsot.png

IMAGE COURTESY OF CYPRESS INTEGRATION SOLUTIONS

OSDP Versus Wiegand

From fobs to fingerprints, access control credential and reader technologies are continually improving. To effectively secure an access control system, though, each component requires

evaluation.


While the invisible connection between the reader and controller is equally critical to security, countless credential readers are still communicating through Wiegand — a technology that hasn’t been updated since Wiegand became a widely accepted access control interface back in the 1980s and ’90s.


Wiegand was fine for readers and panels several decades ago, but today’s readers and panels have become more sophisticated. Meanwhile, the technology to hack Wiegand connections has become cheap and readily available, which means an access control system can quickly be compromised from outside an entrance.


Fortunately, the Security Industry Association has spearheaded development of Wiegand’s replacement over the past decade. The Open Supervised Device Protocol (OSDP), a protocol  that typically utilizes an RS-485 interface, is now an internationally accepted standard. Here’s why we recommend OSDP over Wiegand/proprietary protocols:


Security:

    OSDP v2 with Secure Channel has AES-128 encryption and authentication: Data is encrypted and never transmitted the same way twice, making it virtually impossible to eavesdrop on the connection, preventing stolen data, credential cloning, and unauthorized access.

    OSDP’s bidirectional communication enables supervision: Panels are alerted if readers lose power, malfunction, or are vandalized.

    OSDP meets federal access control requirements (PKI/FICAM).


Interoperability

    OSDP was designed for mixing and matching of OSDP devices to best suit the application.


Functionality:

    OSDP’s bidirectional communication enables a two-way conversation between the reader and panel. Wiegand, a simple interface, moves data in one direction.

    OSDP supports standard reader I/O signals as protocol messages, instead of requiring physical wires or I/O lines. For example, the panel can send a command to the reader to turn on the green LED for 5 seconds, then turn it off — with just a single command. Wiegand requires individual I/O wires to control each of the reader’s LEDs.

    OSDP supports 1024 bits of credential data, allowing more data to be transferred; Wiegand data formats are usually 200 bits or less.

    OSDP biometric readers can be installed similar to any OSDP reader using two-wire RS-485; no Ethernet or PoE connection is required. Biometric data is handled with specific OSDP protocol messages.

    Since OSDP supports a variety of communication baud rates it can be fine-tuned to a network’s needs, accommodating many readers or longer cable runs.



Cost-effectiveness:

    OSDP was designed to support multi-drop installations, reducing cable use.

    OSDP supports the file transfer feature, allowing the controller to send a file to the reader to upgrade firmware or configure the device without rolling trucks to each device.

    OSDP readers and peripheral devices can be installed up to 4,000 feet from an OSDP controller, reducing the number of controllers required. Wiegand is generally limited to 500 feet.

    OSDP readers are addressable and can connect to the same OSDP port on the panel, allowing panels to support more readers (check with your panel manufacturer).


Industry support:

    OSDP was approved in 2020 by the International Electrotechnical Commission (IEC 60839-11-5) as an international access control standard. OSDP has also officially replaced Wiegand as SIA’s access control standard.

    While OSDP was originally developed by companies such as HID, Mercury and Lenel, the rights to the protocol were donated to the Security Industry Association. Under SIA’s guidance, OSDP v2 was developed by representatives from many security companies.

    OSDP continues to be advanced by SIA’s OSDP Working Group, part of the larger SIA Standards Access Control & Identity Subcommittee, which is a group of engineers, product developers, specifiers and security professionals. SIA welcomes involvement in the OSDP Working group.


SIA encourages broad adoption of OSDP, and recommends specifying OSDP “for any access control installations that require real security and/or will be used in government and other higher-security settings.”


When access needs to be secure, migrating to the OSDP protocol is as critical as using secure credentials, readers and panels, since the access control chain is only as strong as its weakest link.  — Tony Diodato is the founder and chief technology officer of Cypress Integration Solutions, and currently serves as the co-chair of the Security Industry Association’s OSDP Working Group. Here, he explains the benefits of OSDP versus Wiegand, which he previously discussed with 

SDM. (link: https://www.sdmmag.com/media/podcasts/2672-sdm-editors-podcast/play/99-sdm-staff-editor-amanda-reed-chats-with-tony-diodato 




Pull quotes

“The more frictionless experience customers have or occupants of a building have in accessing a building, the more productive they are, the more time they save.” 

—Sheeladitya Karmakar, Honeywell Building Technologies

“They are not a secure way to manage access when they can be cloned in your local supermarket via a vending machine for under 30 dollars,” — John Sczygiel, Brivo.

 “Your system is only as secure as the weakest link.”— James Segil, Motorola Solutions.


IMAGES

MAIN_Allegion mobile credential.png

Mobile credentials are easy to manage, hard to lose, and a catalyst for innovation, enabling contactless building access and more frictionless access experiences, and helping people safely return to work, school, and other activities.

IMAGE COURTESY OF ALLEGION



Allegion card reader.jpg




PDK PoE.png

ProdataKey (PDK)’s PoE++ Module Kit is an expansion module that equips any pdk Red high-security door controller with PoE. When plugged into the controller’s board, the PoE++ Module powers the board itself and all the electrified hardware connected to it. The result is simplified installation and reduced cable runs that deliver savings on both labor and materials.

IMAGE COURTESY OF PRODATAKEY