Advancing OSS-SO: Inside the CoreWillSoft GmbH and OSS Association collaboration 

Raising the bar for access control

In physical security, vendor lock-in slows progress. Proprietary systems make upgrades difficult and costly. Inconsistent communication protocols and closed interfaces further complicate system maintenance and upgrades. That is why we at CoreWillSoft GmbH partnered with the Open Security Standards Association e.V. to improve device compatibility and raise the bar for access control.

CoreWillSoft GmbH and OSS Association launching OSS-SO test suits

Together, we are launching a compliance test suite for the OSS Standard Offline (OSS-SO). It gives manufacturers, integrators, and security buyers a clear way to confirm that their products follow the standard and work reliably in real deployment environments.

What OSS‑SO means in practice

OSS-SO is an open standard for access control interoperability. It defines a clear, shared data, also known as Data-on-Card or Network-on-Card, format for credentials stored on cards, allowing offline locks from different manufacturers to read and host software from different providers. That lets customers compose systems using hardware from multiple suppliers without worrying about compatibility.

Data-on-Card or Network-on-Card

OSS-SO specification is already used across thousands of projects in Europe, mostly in setups where smart locks and readers operate without a constant network connection. It supports secure authentication while keeping systems cost-effective and flexible, especially for installations in large facilities, critical infrastructure, and educational institutions that rely on dependable offline access control. 

The importance of compliance with OSS-SO

Compliance with the OSS-SO standard means more than claiming its support on paper. A standard only delivers value when it seamlessly works across all the products in the ecosystem. In our work with clients, we often came across situations where systems and devices marked as “OSS-SO compliant” failed to work together because each vendor made small changes or interpreted the parts of the standard in their own way. These gaps caused unnecessary troubleshooting, project delays, and increased maintenance expenses. True interoperability requires consistent behavior, verified through clear, repeatable tests. 

With our experience developing OSS-SO-compliant software – including the white-label OSS-SO Configurator – and a strong understanding of where things typically go wrong during the implementation, we proposed a test-based compliance method to the OSS Association. After receiving approval from the steering board, we adopted our comprehensive test suite covering each section of the standard for a broader application range and supported its integration into the certification program. The goal was clear from the start: to make OSS-SO easier to adopt, more consistent to implement, and a symbol of trust in real-world hybrid access control projects.

Ivan Kravchenko, CEO at CoreWillSoft about OSS-SO certification

What OSS-SO test suite includes

We designed the OSS-SO test suite to check every major part of a system: 

  • Readers: Confirm they read and write on supported cards correctly, covering MIFARE® DESFire® and LEGIC Advant. 
  • Updaters: Verify they manage blacklists, log events, and sync with the host system, including edge scenarios. 
  • Configuration tools: Ensure they handle OSS-SO settings, add, edit, remove sites and doors, and resolve setup issues. 
  • Host systems: Check they stay in sync with all devices and exchange data reliably with configuration tools.
OSS-SO test suites focuses

The test suite also supports verification of event reporting, response timing, and secure credential formatting. All tests are version-controlled, and results are traceable through detailed reports. 

To keep testing fair and consistent, we disable any vendor-specific extensions. Only standard OSS-SO behavior is evaluated. MIFARE® Classic® is also excluded due to security reasons. 

How certification works

We group tests by system setup, such as Configuration Tool with Reader or Updater with Host System. Each test utilizes a defined version of the suite, and a shared card set. If the implementation changes, recertification is required. 

Certified products receive a full report, including tested firmware and software versions, supported card technologies, test outcomes, and any known and discovered limitations. Only approved certifiers can run the tests. Today, there are two: CoreWillSoft GmbH and evolutionID GmbH.

Why OSS-SO certification benefits manufacturers

OSS-SO certification helps you: 

  • Sell into more markets, since certified systems and devices work in any setup;
  • Build trust, by offering a recognizable hallmark; 
  • Improve quality, with tests that catch edge cases like sync issues and malformed credentials; 
  • Simplify installation, since systems built on certified parts work together as smoothly as expected. 

It also reduces post-deployment support costs, as certified products behave predictably and minimize troubleshooting. 

Certification also helps you: 

  • Detect and address issues early, before rollout; 
  • Meet requirements in public and private tenders where OSS-SO is a requirement
  • Save time on integration by working with a standardized, validated feature set
  • Improve documentation and communication with integration partners; 
  • Access OSS Association tools, updates, and support channels. 

The OSS-SO Certificate is not just a formal label. It shows that your product has undergone structured testing, meets the technical acceptance criteria of the standard, and is ready to be deployed in systems that use equipment from multiple vendors.

What is next

The OSS Association will release the test suite as part of its OSS-SO Certification program. Only approved certifiers are allowed to conduct compliance testing, so manufacturers can collaborate with CoreWillSoft GmbH to acquire this status. Products that meet all requirements will receive the OSS-SO Compliance Certificate

CoreWillSoft GmbH also offers product consulting. Whether you are planning a new reader, updating firmware, configuration software, or expanding your platform offering, we can help you align with the standard from the very beginning.

Frederik Hamburg, Chairman, OSS Association about OSS-SO certification

Make your access products future-ready 

The launch of the OSS-SO certification process is a turning point for access control. With testing in place, OSS-SO becomes easier to implement and delivers more value to all customers. We are proud to be part of this step forward. 

If you are building access solutions and want to improve compatibility, now is the time to act. OSS-SO certification positions your product for success. 

Get in touch with us to learn how to start testing, certify your product, or develop a stronger roadmap that includes OSS-SO support from the start. 

Share This Post

Read More

Contact Us

Contact us for more questions

Do you need additional information about us or our product? Contact us now!