HowTo - Activate and configure the OSDP extension
This article provides an introduction to OSDP extension and explains how to activate and configure it on the TBS devices.
Introduction
The OSDP (Open Supervised
Device Protocol) is an Industry standard protocol designed to connect field devices with controller
through RS485 interface. Its intended to replace the outdated interfaces like Wiegand etc. The TBS
devices support OSDP to act as Peripheral Device (PD) in the RS485 bus, replying to Controller/Control Panel (CP) commands which is ‘master’.
The implementation is based on OSDP standard v2.1.7 and newer.
The default communication parameters are
9600 bps, 8 data bits, 1 stop bit and no parity. The encrypted communication is not enforced by
default for installation simplicity.
Activation
The OSDP is available as a standard extension on the TBS devices. It could be enabled under the Extensions page using the DC.

For certain controllers like SiPass, SiPort, Genetec special OSDP extensions are available which support enhanced integration with OSDP by supporting more commands than just authorization. For these controllers, pls contact TBS for the custom code to activate those extensions.
Configuration
Once enabled, there is a sub-page available that provides the configuration to be enabled.
- Operation - Mode: The OSDP extension can be configured to operate in following modes.
- Authorization: In this mode, the device transfers the ID (FlexID/UserID) to controller for access rights and waits for its feedback to finalize the
transaction/booking. If there is no feedback received, the transaction is reported as failed.
- AccessInfo: This mode configures the device to just inform the transaction result to the controller. Hence, no
feedback is required from controller. It was used in field for integrating intrusion controller.
- Address: Each device connected on a particular RS485 port of the controller must have an unique address set. Ensure that the device address matches with the controller.
- Baudrate: If the controller has a different baud rate than default 9600, the same value should be set in device.
- Exclude marking character read: This sets the device to exclude the marking character '0xFF' from controller messages. As per the standard, this character should be sent by controller at beginning of each message. However, some controllers don't adhere to this standard.
- NOX controller compatibility: This is a special setting to enable compatibility with NOX controller.
- Encryption: The device supports encrypted communication using AES128 with CP as described in the OSDP standard. The Secure encryption key could be either set using DC interface or transferred from controller during secure session. The following Encryption modes are supported and can be set in DC.
- Encryption Off: The encrypted communication is not enforced in this mode. The CP can either communicate plain or encrypted (by establishing secure session with default or configured key)
- Encryption On (Default key is valid): The encrypted communication is enforced in this mode but fallback to default key (as defined in OSDP standard) is allowed. It implies that CP can establish secure session with PD using default key to transfer a new secure encryption key. The PD terminates the secure session and switches to ‘Encryption On (only configured key is valid)’ mode after receiving new key (through KEYSET command). The CP should initiate a new secure session with configured key. This mode is recommended only during installation to synchronize the secure key from CP to PD.
- Encryption On (only configured key is valid): In this mode only encrypted communication is allowed and secure session can only be established using configured secure key.
The PD by default is set to ‘Encryption Off’ mode for installation simplicity.

NOTE: In ‘Encryption Off’ or ‘Encryption On (Default key is valid)’ mode, the PD automatically switches itself to ‘Encryption On (only configured key is valid)’ when the CP establishes secure session with configured key. It is done so to improve security compliance.
- Custom ID format: By default, the ID (UserID/FlexID) is transferred using RAW (0x50) reply to poll request as a bit stream for authorization. For simplicity, the data is
transmitted by default as 64-bit format without any parity bit or facility codes. It could also be customized using the custom format. The Format should match between controller and device to get the correct ID from device to controller.
Troubleshooting
If the device is not able to establish communication with controller, then the warning message 'Controller is offline (602)' is reported in the DC home page. In this case, the device will still authenticate the users, but the transactions will fail with 'Rights request failed' and ID will not be received in the controller. To troubleshoot this scenario, verify the following items in given order:
- Verify the device address and baudrate
- Ensure that the RS485 connection (IO+, IO- and GND) is properly connected between the device and controller. NOTE: For 2D SENSE Series 21 terminals, the common GND is mandatory for RS485 connections.
- Enable detailed logs as shown below and forward to TBS for analysis.
Related Articles
HowTo - Install and configure Wiegand Interface
This article describes the procedure how to install and configure Wiegand interface on TBS devices. Installation All TBS devices offer Wiegand output directly on board (ports 'Wiegand Out1 / Out2'). Typically, connection of the output ports on TBS ...
HowTo - Handle 'Processing...' error
BioManager may report 'Processing...' error endlessly after installation/upgrade. This is a generic error indicating an internal component was not installed or configured properly. No standard solution can be given, hence more information is required ...
FAQ - IP configuration on devices
Question How can I change the IP settings of TBS devices? Answer Usually server and client IP addresses of TBS devices need to be adapted to your installation. This can be done in two ways: directly on device screen, using network configuration pages ...
HowTo - Resolve 3D finger positioning problems
I am not able to position finger properly inside the 3D sensor, how to resolve it? If users are not able to position finger properly inside the 3D sensor, this could be caused by improper sensor calibration. You can resolve it by following below ...
HowTo - Re-enable web service authentication after it was disabled
Although web service authentication is enabled by default with WebEdition R10 or later, this can be disabled as shown in below article: https://help-center.tbs-biometrics.com/portal/kb/articles/howto-handle-access-denied-error-with-webedition-r10 ...