PUBLIC
This manual represents the knowledge at the above-mentioned time. TKH Security works continuously to improve its products. For the most recent technical information, please contact your consultant or dealer.
1. Introduction
This article explains how you can implement the NEDAP NVITE reader based on OSDP communication and describes the functions and settings.
The NVITE reader can be used with multiple identification technologies for a variety of users, such as staff, tenants and visitors. Identification depends on the technologies enabled for the user: presenting a card, scanning a barcode or activating a smartphone credential. Typical applications are access control to car parks, perimeter gates, office buildings and warehouses.
2. Support and license
Below is an overview of support for both the hardware and the software, including the necessary license:
Version | License |
---|---|
Version 10.3.15 | iProtect basic license |
 | Sufficient reader license |
2.1 Supported cards
Card type | Description |
---|---|
DESFire cards | TKH-coded, AES-encrypted |
QR code | iProtect Crypted QR |
Other cards or custom keys are available on request.
3. What is OSDP
Open Supervised Device Protocol (OSDP) is an access control communications standard developed by the Security Industry Association (SIA) to improve interoperability among access control and security products.
OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5.
OSDP V2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020.
OSDP readers are only supported by stacked Orions (RS485 connection).
4. Installation
4.1 Connecting the reader
Nedap cable pigtail | CAT5 cable > Orion PRT 1 or 2 | Signal |
---|---|---|
Brown | Orange & Green | RS485 A |
Green | White/Orange & White/Green | RS485 B |
Black | Brown | 0VDC |
Red | External Power supply | 12-24VDC |
Maximum cable distance between the Orion and the NVITE reader: 120 m. This is based on CAT5E 24 AWG cable.
The reader must be powered by an external power supply.
5. Implementation
5.1 General
OSDP readers are handled entirely by the nodemanager, so the nodemanager must be running for an OSDP card reader to grant access.
The readermanager is not involved in handling the OSDP protocol.
5.2.1 Configure the reader in iProtect
Follow the steps below to configure an OSDP reader:
Connect the reader (see chapter “Connecting the reader”).
Press the discover button in the line dialog of the Pluto.
Wait until the discover process is ready: Read-in event => Read-in event: Stop, Line: xxx…
Refresh the line dialog of the Pluto. If an OSDP device is detected, it is shown as a node below the port of the Orion to which the reader is connected.
Change the OSDP compatibility setting at the OSDP node to “No reader in capabilities”.
Right-click the OSDP reader in the treeview and click “add reader”.
Fill in a logical, unique name for the reader.
Click the save button.
If an RS485 reader has already been connected to the PRT port, the Pluto must be restarted before the discover is executed and the OSDP node can be created.
The discover function for OSDP devices checks for the following settings:
Baud rate: 9600, 19K2 and 115K2 baud, all with no parity, 8 data bits and 1 stop bit
Device address: 0, 1, 2, 3, 4, 5, 6, 7, 8, 13, 14, 24
If other settings are necessary, set these settings manually.
5.2.2 NVITE OSDP defaults
OSDP address | 0 |
Communication speed | 9600 baud |
Port setting | N81 |
5.3 OSDP reader settings
For OSDP readers there are some specific settings.
It is possible to set the buzzer time for when a card is recognized. This can be done on the door behavior tab of the reader.
Buzzer time, card recognized:
Setting | Behavior |
---|---|
Empty | No buzzer when card is recognized |
1 - 15 | Buzzer time (1/10 sec) |
The most commonly used setting for buzzer time is 2.
6. Secure channel
OSDP v2 with Secure Channel has AES-128 encryption to ensure that communication between the targeted devices is strict and secure.
All OSDP devices have a known standard Secure Channel Base Key (SCBK), according to the OSDP specification. The SCBK is a key shared between the peripheral/reader and the controller, which is used once to initiate encryption. The SCBK allows the controller (Pluto/ApolloN) to send a challenge command (critical information that the peripheral/reader can use to initiate a Secure Channel session). Note that OSDP security is not limited to the Secure Channel Base Key. The SCBK is used only once at the start of the session before auto-generated session keys are used to encrypt the OSDP data.
If the security status at the node is “Active scbkd”, you can set a random key with the button <Set keys (SC)>. When the button is pressed, the key is set in the reader and stored in the controller (Pluto / ApolloN).
Refresh the page to see the results.
The button <Set keys (SC)> generates a key and stores it in the reader.
The OSDP secure channel key itself is only visible to Root and Installer users.
Once a key is set in the reader, it cannot be cleared or rewritten by the system (this is not allowed in the OSDP protocol because it is a security risk). If the key must be cleared (reset), follow the procedure provided by the reader manufacturer.
7. Settings card coding
7.1 NVITE DESFire
The card data interpretation below can be linked to the existing DESFire card number presentation.
In iProtect, browse to the menu Access → Settings → Card coding → Card data interpretation. Right-click in the treeview dialog and click Add card data interpretation.
Enter the following data:
Setting | Value |
---|---|
Name: | OSDP NVITE DESfire |
Card number presentation: | Select the existing DESFire presentation |
Format: | |
Reader communication protocol: | ABA |
Card type: | None |
Data Length: | 16 |
System code: | |
Start: | 5 |
Code: | 002974 (for demo cards) |
Facility: | |
Start: | 1 |
Code: | 0600 |
Card number: | |
Start: | 11 |
Length: | 6 |
Modulo: | |
Offset: | |
Interpretation selection: | |
Start: | 1 |
Length: | 0 |
Code: | |
Expire date: | |
Start: | 1 |
Length: | 0 |
Date control: | No expire date check |
Format: | YYMMDD |
Keypad: | Do not change |
Offline Validity: | Do not change |
SV WO: | Do not change |
Consistency: | Do not change |
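The field positions from the table above, applied to a 16-digit readout, as an added example (not TKH or iProtect code). It assumes that the Start values are 1-based character positions, that each fixed field is as long as its Code value, and that ABA data arrives as ASCII digits; `Field`, `interpret` and `triage` are hypothetical names and the sample readouts are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Field:
    name: str
    start: int                  # assumed: 1-based "Start" value from the dialog
    length: int                 # assumed for fixed fields: len(Code)
    code: Optional[str] = None  # fixed "Code" the field must equal, if any

    def cut(self, data: str) -> str:
        return data[self.start - 1:self.start - 1 + self.length]

# Values taken from the "OSDP NVITE DESfire" settings (demo-card system code).
DATA_LENGTH = 16
FIXED_FIELDS = (
    Field("facility", start=1, length=4, code="0600"),
    Field("system code", start=5, length=6, code="002974"),
)
CARD_NUMBER = Field("card number", start=11, length=6)

class Rejected(ValueError):
    """Readout does not match the configured interpretation."""

def interpret(data: str) -> str:
    """Return the card number, or raise Rejected with the reason."""
    if len(data) != DATA_LENGTH:
        raise Rejected(f"length {len(data)}, expected {DATA_LENGTH}")
    if not (data.isascii() and data.isdigit()):
        raise Rejected("non-digit character in readout")
    for field in FIXED_FIELDS:
        if field.cut(data) != field.code:
            raise Rejected(f"{field.name} is {field.cut(data)!r}, expected {field.code!r}")
    return CARD_NUMBER.cut(data)

def triage(readouts):
    """Classify readouts so rejected ones can be logged with a reason."""
    results = []
    for data in readouts:
        try:
            results.append((data, "accept", interpret(data)))
        except Rejected as exc:
            results.append((data, "reject", str(exc)))
    return results

# Constructed sample readouts, not captured from a real reader.
SAMPLES = ["0600002974001234", "0600002975001234", "060000297400123"]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```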
7.2 NVITE Crypted QR
The card data interpretation below can be linked to a standard QR code presentation, which can be generated using the card number presentation wizard.
In iProtect, navigate to the menu Access → Settings → Card coding → Card number presentation.
Right-click in the treeview dialog and select 'Wizard card number presentation.'
Enter a logical name and choose the QR code option from the default card data interpretation list.
Click the OK button.
After refreshing the page, you will see a new card number presentation and a corresponding card data interpretation. Modify the card data interpretation settings as follows:
Setting | Value |
---|---|
Name: | OSDP NVITE QR crypted |
Format: | |
Reader communication protocol: | Hexadecimal |
Card type: | QR barcode |
Encryption: | Aes128 |
Encryption key: | your key |
Data Length: | 32 |
System code: | |
Start: | 1 |
Length: | 6 |
Code: | 000b9e (for demo cards) |
Facility: | |
Start: | 1 |
Length: | 11 |
Code: | 00000000000 |
Card number: | |
Start: | 7 |
Length: | 6 |
Modulo: | |
Offset: | |
Interpretation selection: | |
Start: | 0 |
Length: | 0 |
Code: | |
Expire date: | |
Start: | 13 |
Length: | 8 |
Date control: | Expire date check, including date |
Format: | YYYYMMDD |
Keypad: | Do not change |
Offline Validity: | Do not change |
SV WO: | Do not change |
Consistency: | Do not change |
Filter: | |
Start tag: | 0300 |
End tag: | |