Installation Manual | TM-20231129-RD-01 iProtect Access / Security | Functionalities |Deister TSU200 reader with SIC 6347 |
This manual represents the knowledge at the above-mentioned time. TKH security works non-stop to improve her products. For the most recent technical information please contact your consultant or dealer.
1. Introduction
This article explains how you can implement the deister reader TSU 200 with SIC 6347 based on OSDP communication and describes the functions and settings.
2. Support and license
Below is an overview of support for both the hardware and the software, including the necessary license:
Version | License |
---|---|
Version >= 10.3.15 | iProtect basic license |
Sufficient reader license | |
SIC5 version | d79_1.71_r157.4__hw21F8_sw21F8_for_min_bl166__SIC5 |
latest test version iProtect 10.4.1 |
2.1 Supported cards
With SIC version 6347 UHF DNA cards for specific project
Other cards or custom keys on request.
3. What is OSDP
Open Supervised Device Protocol (OSDP) is an access control communications standard developed by the Security Industry Association (SIA) to improve interoperability among access control and security products.
OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5.
OSDP V2.2 which is based on the IEC 60839-11-5 standard, was released in December 2020.
OSDP readers are only supported by stacked Orions (RS485 connection)
4. Installation
4.1 Connecting the reader
SIC connector | Signal | CAT5 cable > Orion PRT 1 or 2 |
---|---|---|
Pin 3 | VCC 8-30V DC | |
Pin 2 | GND | |
Pin 10 | B | White/Orange & White/Green |
Pin 9 | A | Orange&Green |
Max. cable distance between Orion and the SIC reader = 120 Mtr. This is based on CAT5E - 24AWG
This cable distance is based with installing an external power supply. (for Reader and Sic)
5. Implementation
5.1 General
OSDP readers are completely handled by the nodemanager, so the nodemanager should run to obtain access by a OSDP card reader.
The readermanager is not involved by handling the OSDP protocol
5.2 Configure the reader in iProtect
Follow the steps below to configure an OSDP reader:
Connect the reader (see chapter “Connecting the reader”)
Press the discover button in the line dialog of the Pluto.
Wait until the discover process is ready: Read-in event=> Read-in event: Stop, Line: xxx…
Refresh the line dialog of the Pluto, if an OSDP device is detected it will be shown as a Node below the Port of the Orion where the reader is connected to.
Change the OSDP compatibility setting at the OSDP node to “No reader in capabilities”
(Not full compliant with OSDP Deister SIC 6347)Right mouse click at the OSDP reader in the treeview and click on “add reader”
Fill in the logic unique name of the reader.
Click on the save button.
If an RS485 reader has already been connected to the PRT port, the pluto must first be restarted before the discover is executed and the OSDP node can be created.
The discover function for OSDP devices checks for the following settings:
Baudrate: 9600, 19K2, 115K2 baud, They are all non-parity, 8 bit, 1 stop bit
Device address: 0, 1, 2, 3, 4, 5, 6, 7, 8, 13, 14, 24
If other settings are necessary, set these settings manually.
Note: SIC 6347 default: 9600N81 baud, OSDP address 1
5.3 OSDP reader settings
For OSDP readers there are some specific settings.
It’s possible to setup the buzzer time when a card is recognized, this can be done at the door behavior tab of the reader.
Buzzer time | card recognized | |
---|---|
Setting | Behavior |
Empty | No buzzer when card is recognized |
1 - 15 (for Deister keep empty !) | buzzer time (1/10 sec), empty is no buzzer |
Not supported by Deister, if selected the buzzer will start but does not stop. Reboot needed to solve this.
6. Secure channel
OSDP v2 with Secure Channel has AES-128 encryption to ensure that communication between the targeted devices is strict and secure.
All OSDP devices have a known standard Secure Channel Base Key (SCBK), according to the OSDP specification. The SCBK is a key shared between the peripheral/reader and the controller, which is used once to initiate encryption. The SCBK allows the controller (Pluto/ApolloN) to send a challenge command (critical information that the peripheral/reader can use to initiate a Secure Channel session). Note that OSDP security is not limited to the Secure Channel Base Key. The SCBK is used only once at the start of the session before auto-generated session keys are used to encrypt the OSDP data.
If the security status is “Active scbkd” at the node you can set a random key with the button <Set keys (SC)>. If pressed the key is set into the reader and stored in the controller (Pluto / ApolloN)
Refresh the page to see the results.
The button <Set keys (SC)> generates and stores a key into the reader
The OSDP secure channel key himself is only visible for Root and Installer users
Once a key is set into the reader it cannot be cleared or rewritten by the system, if the current key is not known. (not allowed in the OSDP protocol, security risk). If the key must be cleared (Reset) follow the procedure what is delivered by the reader manufacturer.
7. General notes
by normal operation
The Red led on, and blinking by access denied
The Green led is off, by granted access green (red is off while blinking)
The yellow led is blinking shortly (100mS) every approx 2,5 seconds
If connection is lost with iProtect <> SIC
only the yellow led is blinking shortly (100mS) every approx 2,5 seconds (delay approx 10 seconds)
8. Known issues
Tests done with d79_1.71_r157.4__hw21F8_sw21F8_for_min_bl166__SIC5
So now and then the readers sends tamper alarm messages, with the latest tested firmware it looks like the reader does not “lock” himself anymore. It looks like this happens when there are multiple cards in the field.
Reader beep is not correct suported by Deister, advice don't use
After setting the security key, there will be an error “Failed to verify PD cryptogram” , reboot device to solve this.
The reader does not report that there is a card reader available, solution set No reader in capabilities
9. iProtect settings SIC 6347
Card data presentation | ||
---|---|---|
Format | Decimal | |
Calculated length | 9 |
Card data interpretation | ||
---|---|---|
Format | ||
Reader communication protocol | HEX | |
Card type | None | |
Data length | 28 | |
System code | ||
Start | 1 | |
Code | “empty“ | |
facility | ||
Start | 1 | |
Code | “empty“ | |
Card number | Start | 22 |
Length | 7 | |
Modulo | “empty“ | |
Offset | “empty“ |