Access control systems rely on communication between readers and controllers to authenticate users and manage permissions. Historically, this communication has been dominated by wired protocols such as Wiegand, and more recently, Open Supervised Device Protocol (OSDP). While OSDP introduces improvements over Wiegand in terms of security and bidirectional data flow, both remain reliant on physical wiring and centralized control. To address these constraints, Spintly has developed a wireless architecture based on Bluetooth Low Energy (BLE) Mesh, enabling decentralized, scalable, and cloud-native access control.
Comparing Access Control Architectures: Wiegand vs OSDP vs BLE Mesh
Architecture Overview
Wiegand, one of the earliest standards used in electronic access control, employs a unidirectional, unencrypted wired connection from the reader to a centralized control panel. Each reader typically requires a dedicated home-run cable, increasing installation complexity and cost. Additionally, the protocol transmits data without authentication or encryption, making it vulnerable to interception and spoofing attacks
Key Characteristics:
- Each reader is hard-wired directly to the controller.
- Communication is unidirectional (from reader to controller only).
- No encryption, vulnerable to data interception.
- Home-run wiring leads to complex and costly installations.
OSDP, maintained by the Security Industry Association (SIA), is designed to address many of Wiegand’s limitations. Version 2 of OSDP supports bidirectional communication over RS-485, allows for multi-drop configurations, and includes AES-128 encryption through its Secure Channel Protocol (SCP) [2]. This enables remote configuration, firmware updates, and real-time status monitoring. However, OSDP still relies on physical wiring and remains controller-centric, which imposes limitations in distributed or retrofit environments.
Key Characteristics:
- Uses RS-485 bus: readers are daisy-chained.
- Bidirectional communication via Secure Channel Protocol (AES-128).
- Still wired, but allows multi-drop topology.
- Improved over Wiegand but still depends on a central controller.
BLE Mesh, by contrast, employs a wireless, multi-hop mesh topology as specified by the Bluetooth SIG Mesh Profile Specification v1.0 [3]. Devices, or “nodes,” can relay messages to one another, enabling a scalable and self-healing communication network. In Spintly’s architecture, each BLE-enabled device can act as both a reader, controller and a repeater, significantly reducing cabling requirements. The system communicates securely using AES-128 CCM encryption, meets modern cryptographic standards. An IOT gateway which is part of the mesh network acts as the cloud connecting device making the architecture cloud native. The architecture also supports single door controllers which are part of the mesh network connected to readers over OSDP or Wiegand. This allows standard readers to be a part of the mesh topology allowing interoperability and reuse.
Key Characteristics:
- Wireless BLE Mesh: each node can relay data to others.
- Decentralized: no single point of failure.
- Minimal wiring (e.g., just for door power).
- Fully cloud-native, supports remote updates.
- AES-128 CCM encryption, compliant with Bluetooth Mesh spec v1.0.
Comparative Analysis
BLE Mesh improves on legacy systems in several key areas
Feature | Wiegand | OSDP (v2) | BLE Mesh (Spintly) |
Communication Type | Unidirectional, unencrypted | Bidirectional, encrypted (AES-128 SCP) | Bidirectional, encrypted (AES-128 CCM) |
Topology | Star (home-run wiring) | Bus (RS-485 multi-drop) | Mesh (wireless, multi-hop) |
Wiring Requirements | High | Moderate | Minimal |
Installation Complexity | High | Moderate | Low |
Controller Dependency | Centralized | Centralized | Decentralized |
Remote Management | Not supported | Supported | Fully supported |
Compliance Standards | Legacy only | SIA OSDP v2.2 [2] | Bluetooth SIG Mesh v1.0 [3] |
Security Capabilities | None | AES-128 SCP | AES-128 CCM |
Wiegand’s vulnerabilities and inflexibility have led to its gradual phase-out in regulated environments. OSDP, while more secure, retains physical and architectural limitations. BLE Mesh removes the physical wiring bottleneck altogether, offering wireless communication with modern encryption, dynamic routing, and the flexibility to operate in complex, distributed access control scenarios.
Discussion
In large facilities or retrofitted buildings, the wiring demands and centralized dependency of Wiegand and OSDP can present both logistical and cost challenges. BLE Mesh, as implemented by Spintly, reduces infrastructure overhead by enabling nodes to communicate wirelessly and route data through the mesh. This simplifies installation, reduces total cost of ownership, and allows for more adaptable system design. The use of standards-based encryption (AES-128) ensures that wireless communication remains secure, while cloud-native management provides remote monitoring, access configuration, and firmware updates without the need for localized control panels.
The result is an access control architecture that is easier to deploy, more secure, and better suited to modern building automation needs, particularly in multi-tenant or geographically distributed environments.
References
- ANSI/SIA DC-07-2002: Wiegand Interface Standard for Access Control Systems. Security Industry Association.
- ANSI/SIA OSDP v2.2.1: Open Supervised Device Protocol. Security Industry Association, 2023.
- Bluetooth SIG. Bluetooth Mesh Profile Specification v1.0. July 2017.
