The following sequence should be followed to get the OSDP communication operating when an ACU boots up or is reset.

Last update: Sept 2025.

Flush the input buffer. If there had been any sort of link issue previous to firmware startup there could be noise data in the hardware.

Listen for traffic. If there is traffic then there is a link issue or another ACU is already running.

Send a poll on sequence 0 using CRC, in the clear. Repeat as needed per your retry counter. Look for a valid osdp_ACK or a valid osdp_LSTATR. Not a NAK. If it's a nak/0 bad sequence simply try again. If it's a nak/encryption required report "reader already paired".

This step is in reference to getting a session set up with one PD. If you have multiple PD's you need to keep the rest going while you do this.

Six times, send a poll (properly sequenced) and process the returning ACK. If you get an osdp_LSTATR count that as a valid response.

This step is about one PD. If you had other PD's in flight you'd keep them running while doing this. Six osdp_POLL commands in a row to one PD. This is to establish known link stability.

After at least 7 (1 + 3 + 3) iterations of a valid poll/ack pair, do an osdp_ID and process the PDID response.

The meaning of this step is confirm at least 7 command/response message pairs have been transmitted/received before declaring the link online.

Do an osdp_CAP, process the response.

• If the PD does not support CRC, abort the connection. The PD is too old to operate securely.
• If the PD does not support secure channel, abort the connection unless you intend to use the PD over an unencrypted connection.
• Checksum is (a) not secure, can be spoofed and (b) not allowed in secure channel, which is the preferred mode.
• Assuming the PD meets necessary criteria:
  • record the max message size the PD capability lists if any
  • perform any necessary checks given the model and firmware versions reported in the PDID response.

Assuming you want secure channel and it's paired, do a challenge on the paired key and proceed.

"Do a challenge" means send the osdp_CHLNG message that starts the four-message secure channel set up sequence.

Alt Step 8A

If the ACU is in Installation Mode i.e. prepared to send a key for pairing and if the PD is prepared to have a key loaded (not paired, not configured for cleartext only) then establish a secure channel (CHLNG, CCRYPT, SCRYPT, RMAC-I) using the default key and then deply the pairing key using KEYSET.

Alt Step 8B

If you meant to communicate with the PD in the clear, proceed from here