CoreWillSoft GmbH and OSS Association Introduce OSS-SO Certification Test Procedures

This entry was posted in Access Control Industry News Physical Security Press Release and tagged CoreWillSoft OSS-SO on by

Bonn, Germany

August 1, 2025

The Open Security Standards Association e.V. (OSS) is set to launch a new compliance test suites for the OSS Standard Offline (OSS-SO), developed by CoreWillSoft GmbH. The aim is to provide manufacturers, integrators, and security buyers with assurance that their products comply with the OSS-SO standard and function effectively in real-world scenarios.

While supporting production deployments, CoreWillSoft GmbH identified an issue: devices labelled as OSS-SO compliant do not always perform reliably when used together, particularly in edge cases. To address this issue, CoreWillSoft GmbH proposed a structured, test-based quality assurance method to the OSS Association. The company developed dedicated test suites, and the OSS will integrate them into its official certification programme. Security manufacturers are also actively getting involved into the process in order to raise the standard implementation quality across the ecosystem.

What OSS-SO covers

OSS-SO is an open standard that supports interoperability between online and offline access control systems and components. It defines how credentials are stored on cards, allowing offline locks from different vendors to read them consistently. By standardizing credential handling, OSS-SO allows hardware and software from different manufacturers to work together without compatibility issues.

What the test suites checks

The test suites cover versions A1 and B1 of OSS-SO. It verifies the functionality of essential components of an access system, including readers, updaters, configuration tools and host systems. The tests cover:

  • Data exchange
  • Reader behaviour
  • Card compatibility (MIFARE® DESFire®, LEGIC Advant)
  • Blacklist handling
  • System events

To ensure an objective process, customer-specific extensions are disabled during testing. MIFARE® Classic® has also been removed as it does not comply with current security requirements.

How OSS-SO certification works

The tests are organised by system setup, such as the configuration tool, reader, host system, and updater. Each test run uses a versioned suite and a standardised set of cards to ensure consistent and verifiable results. Certified products must reference OSS-SO updates in their release notes and be recertified if the implementation changes.

Only approved certifiers carry out the OSS-SO tests. At launch, there are two: CoreWillSoft GmbH and evolutionID GmbH.

“Modern access control systems depend on reliable interoperability, and that is precisely what these test suites are designed to facilitate,” says Ivan Kravchenko, CEO at CoreWillSoft GmbH. “By working directly with the OSS Association, we have created a toolkit that helps manufacturers validate their products with confidence, giving customers peace of mind that compliant devices will work together without any surprises.”

“With the launch of our certification test cases, we are taking a major step toward consistent and reliable implementation of open security standards. This initiative reflects our core belief that collaboration across the industry is the key to achieving meaningful, vendor-independent certification — creating real value for manufacturers, integrators, and end users alike.” — Frederik Hamburg, Chairman, Open Security Standards Association

The OSS Association is currently working on the OSS-SO certification programme, which is backed by a robust testing methodology as set out in the test suites. Each certified product will receive a detailed summary report listing the tested software and firmware versions, supported card types and limitations, discovered during the test. Products that meet the requirements will be awarded the OSS-SO Certificate.

Why it matters

This project enhances trust, clarity, and compatibility within the physical security market. It demonstrates CoreWillSoft’s commitment to the industry and the OSS Association’s efforts to promote standards and transparency.

About CoreWillSoft GmbH

CoreWillSoft GmbH is a software development company focused on building secure, custom solutions for the physical security industry. Based in Germany, the company works with manufacturers, solution providers, and integrators to create access systems, audit existing security products, and help bring standards-based features to market faster. 

About the Open Security Standards Association

The OSS Association is a non-profit industry alliance that promotes open, vendor-neutral access control standards. Its OSS-SO standard is widely used in offline smart lock systems across Europe, enabling products from different vendors to work together reliably.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information. BSM is cited as one of Feedspot’s top 10 cybersecurity magazines.