Manufacturer 1-on-1: Mercury Security CEO Frank Gasztonyi

April 15, 2015

This week at ISC West in Las Vegas, Mercury Security Corporation Co-Founder and CEO Frank Gasztonyi was honored with the Security Industry Association’s Sandra Jones Volunteer of the Year Award for his work in developing and promoting the Open Supervised Device Protocol (OSPD) specification, which enables access control devices to work together.

Originally developed about 10 years ago, Gasztonyi said that OSDP was a standard Mercury hoped manufacturers of peripheral access control devices would adopt to help improve connectivity with their access panels. Gasztonyi said that when SIA later became interested in renewing their efforts in standards development, they indicated that they wanted to host and develop the protocol further to help turn it into a SIA specification.

From there, SIA developed the OSDP Working Group within which Gasztonyi has worked to refine the standards and bring it to the industry as a whole. In this “Manufacturer 1-on1” interview, Gasztonyi discusses his work on the OSDP specification and broader industry trends as it relates to the adoption of standards.

SIW: What was the genesis of OSDP and where are things today in terms of building acceptance and support for it in the industry?

Gasztonyi: That goes back to the early 2000s when Mercury had developed interfaces for three to four proprietary serial devices. We had implemented protocol drivers that did very similar things - each with slight variation – in their own unique way. What we were looking to see is if we could convince the suppliers of peripheral devices, such as card readers, biometric devices, keypads and displays, to converge on a standardized interface. Then we could all benefit because the interoperability and the overall market appeal would be significantly enhanced, especially if we could get contributions from all of those different sources and everybody throwing their resources into the development of one, all-encompassing specification. That’s when I proposed and distributed the initial draft that turned out to be OSDP quite a few years later.

SIW: How far do you think the industry has come in terms of willingness to adopt standards?

Gasztonyi: I think the industry is making a really good move toward adoption of standards. The critical part about standards is they have to address the proper level of what one puts into the standard. Basically, the standards have to facilitate interconnectivity and interoperability between devices. However, there is a hard limit as to how far standards should go or can go and still stay effective and relevant. Mercury is also actively involved in the PSIA (Physical Security Interoperability Alliance) effort as well. I’m not personally working on it, but I track it and we are actively supporting their efforts also.

SIW: There are still some grumblings about standards throughout the industry both on the part of installers and vendors saying that they haven’t adequately addressed many of the integration challenges. What do you think needs to take place to address some of these concerns?

Gasztonyi: I think we need further clarification on the application level behavior of the devices. Within OSDP, we have now created a handful of operational profiles and each profile defines a product type with a particular behavior because the standard encompasses a wide range of messages and not every device has to incorporate every single message. A device that is intended for a particular application now has to conform and has to support a designated message set. That will allow manufacturers to state what profile their product conforms to and now your installers and your end customers can specify those specific profiles. I think as those behavior profiles or functional profiles emerge, that is when standards become more meaningful.

SIW: The video side of the industry has been one of the biggest drivers behind the development of standards, but what role does access control have to play in making standards a bigger part of the market than they are today?

Gasztonyi: On the video side, the representation of images and the transfer of that data - even though it is complex and high volume and so on – has also been worked on and supported by related video transfer industries as well. For example, the video file types did not have to be created and managed by the security industry. Those data representations were already available and ready for adoption by the video guys.

On the access industry side, the data transfer of the content is more varied and that was really what I was referring to previously about how far standards can effectively go in terms of the representation of what one company says belongs to an employee record, for example, for proper management of a system will vary from another company’s view of how those things should be represented and managed. And the overall level of complexity of what access systems are required to do and how far that data needs to go down into the field panels for effective operation, that complexity is not going to allow a broad standardization of the functions of access control devices.

That’s where I disagree with some of the presentations that I hear by companies who make edge-type devices, the access control near the door and how those devices can become standardized. Unfortunately, standards require that a large group of independent business entities agree on how that behavior or how that data representation needs to look. Because each company addresses the market needs within their own application, their own customer base and their own view of what is the most effective way to go to market, to get consensus on those is going to be a challenge that is not likely to be resolved in the next few years if ever.

SIW: What do you think the future holds, in general, for the development and adoption of standards across the security industry?

Gasztonyi: I think standardization will continue. I think the primary areas that you can achieve standardization are devices that can be interchangeable at the end point levels. For example, the definition of peripheral devices as what we’re doing with OSDP. We’re going to have an interoperability demonstration at ISC West showing that multiple products can perform to a given profile. Simple end devices are likely to be standardized. Also the communication means so that devices can use standard networks. You do not need specialized wire or specialized connectors, for example, but the content application, you’re not likely to get a host application standardized. Everybody’s software is going to be slightly different, everybody’s control panel or control panel functions are going to be different , so the standardization is going to move on and be more prevalent but not at the application layer.