About managing OSS Standard Offline locks - Access rights for offline locks are stored on card credentials. Locks that comply with the OSS Standard Offline access control standard can read and interpret these access rights uniformly. You can manage these locks by encoding the cards in Security Center. - Security Center 5.13

Security Center Administrator Guide 5.13

Product
Security Center
Content type
Guides > Administrator guides
Version
5.13
ft:locale
en-US
Last updated
2025-04-11

Access rights for offline locks are stored on card credentials. Locks that comply with the OSS Standard Offline access control standard can read and interpret these access rights uniformly. You can manage these locks by encoding the cards in Security Center.

Supported hardware

The following offline locks are certified compatible with Security Center:
ASSA ABLOY
  • Aperio E100 wireless escutcheon
  • Aperio C100 wireless cylinder
DOM
  • ENiQ Pro digital cylinder
  • ENiQ LoQ digital furniture lock
  • Guard Wideline digital handle
Uhlmann & Zacher
  • CX8120

About encoding cards for OSS Standard Offline

In the MIFARE DESFire configuration task in Config Tool, you can create configurations that comply with the OSS Standard Offline. These configurations use an application type and contain file types specific to the OSS Standard Offline. After creating this type of configuration for the first time, custom fields are automatically created in Config Tool. The custom fields ensure that the proper access rights can be encoded on cards and the correct entities can be linked to events.

You can encode cards with the OSS Standard Offline configuration using a smart card encoding station configured for OSS.

Access rights and blocklists on cards

Access rights are stored on the card and must be renewed periodically according to a revalidation period. This period determines how long the card remains valid. By default, the revalidation period is set to 7 days, but it can be adjusted. Once a card becomes invalid, it cannot open any offline locks.

To renew the access rights on a card, present it to a reader configured to update card information.

If a valid card is lost, you can add it to a blocklist by deactivating the credential in Security Center. Blocklisted credentials cannot unlock offline doors and are not updated when presented to a reader.
IMPORTANT: Once a credential is blocklisted, you cannot manually remove it from the blocklist, even if you reactivate the credential in Security Center. After the revalidation period of the card ends, the card is automatically removed from the blocklist. At this point, you can reactivate the credential in Security Center if not already done, and then present the card to a reader for update. The revalidation period then restarts and the card can once again access doors according to its encoded access rights.

Event monitoring and reporting

When a card is presented to a door controlled by an offline lock, events from the lock are written onto the card. When the card is updated through a reader, the information is written to the Access Manager database. The event types and the number of events stored on the card are configured in the OSS Standard Offline configuration.
IMPORTANT: To ensure that events are recorded with the correct timestamp, the offline lock, Synergis™ unit, and Security Desk must all be set to the same time zone. The Synergis unit and Security Desk assume that the offline lock is in the same time zone as they are, and interpret the event timestamp accordingly. If the reported timestamp is in the future, the event is discarded.
The OSS events are displayed as system events in the Security Desk Monitoring task. You can generate reports on them using the Door activities task.
NOTE: If the lock is low on battery, it writes an event with the timestamp of the latest scan of the battery.