ocpp-j-1.6-specification

欧美AC充电桩通讯协议OCPP

Open Charge Point Protocol JSON 1.6,

OCPP-J 1.6 Specification

欧美AC充电桩通讯协议OCPP

Table of Contents

1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  41.1. Purpose of this document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  41.2. Intended audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  41.3. OCPP-S and OCPP-J. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  41.4. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  41.5. Definitions & Abbreviations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  41.6. References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  52. Benefits & Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  63. Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  63.1. Client request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  63.2. Server response. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  83.3. More information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  94. RPC framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  94.1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  94.2. Message structures for different message types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  115. Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  145.1. Compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  145.2. Data integrity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  145.3. WebSocket Ping in relation to OCPP Heartbeat. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  145.4. Reconnecting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  155.5. Network node hierarchy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  156. Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  156.1. Network-level security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  156.2. OCPP-J over TLS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  157. Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  20

欧美AC充电桩通讯协议OCPP

1

欧美AC充电桩通讯协议OCPP

Copyright © 2010 – 2015 Open Charge Alliance. All rights reserved.

This document is made available under the *Creative Commons Attribution-NoDerivatives 4.0 International Public License*(https:///licenses/by-nd/4.0/legalcode).

2

欧美AC充电桩通讯协议OCPP

Version History

3

欧美AC充电桩通讯协议OCPP

Contents

1. Introduction

1.1. Purpose of this document

The purpose of this document is to give the reader the information required to create a correctinteroperable OCPP JSON implementation (OCPP-J). We will try to explain what is mandatory, what isconsidered good practice and what one should not do, based on our own experience. Undoubtedlymisunderstandings or ambiguities will remain but by means of this document we aim to prevent themas much as possible.

1.2. Intended audience

This document is intended for developers looking to understand and/or implement OCPP JSON in acorrect and interoperable way. Rudimentary knowledge of implementing web services on a server orembedded device is assumed.

1.3. OCPP-S and OCPP-J

With the introduction of OCPP 1.6, there are two different flavours of OCPP; next to the SOAP basedimplementations, there is the possibility to use the much more compact JSON alternative. To avoidconfusion in communication on the type of implementation we recommend using the distinct suffixes-J and -S to indicate JSON or SOAP. In generic terms this would be OCPP-J for JSON and OCPP-S for SOAP.Version specific terminology would be OCPP1.6J or OCPP1.2S. If no suffix is specified for OCPP 1.2 or 1.5then a SOAP implementation must be assumed. As of release 1.6 this can no longer be implicit andshould always be made clear. If a system supports both the JSON and SOAP variant it is consideredgood practice to label this OCPP1.6JS instead of just OCPP1.6.This document describes OCPP-J, for OCPP-S see: [OCPP_IMP_S]

1.4. Conventions

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULDNOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as describedin [RFC2119].

1.5. Definitions & Abbreviations

4

欧美AC充电桩通讯协议OCPP

1.6. References

5

欧美AC充电桩通讯协议OCPP

2. Benefits & Issues

The WebSocket protocol is defined in [RFC6455]. Working implementations of earlier draft WebSocketspecifications exist, but OCPP-J implementations SHOULD use the protocol described in [RFC6455].Be aware that WebSocket defines its own message structure on top of TCP. Data sent over a websocket,on a TCP level, is wrapped in a WebSocket frame with a header. When using a framework this iscompletely transparent. When working for an embedded system however, WebSocket libraries maynot be available and then one has to frame messages correctly according to [RFC6455] him/herself.

3. Connection

For the connection between a Charge Point and a Central System using OCPP-J, the Central System actsas a WebSocket server and the Charge Point acts as a WebSocket client.

3.1. Client request

To set up a connection, the Charge Point initiates a WebSocket connection as described in [RFC6455]section 4, "Opening Handshake".

OCPP-J imposes extra constraints on the URL and the WebSocket subprotocol, detailed in the followingtwo sections 4.1.1 and 4.1.2.

3.1.1. The connection URL

To initiate a WebSocket connection, the Charge Point needs a URL ([RFC3986]) to connect to. This URL ishenceforth called the "connection URL". This connection URL is specific to a charge point. The chargepoint’s connection URL contains the charge point identity so that the Central System knows whichcharge point a WebSocket connection belongs to.

A Central System supporting OCPP-J MUST provide at least one OCPP-J endpoint URL, from which theCharge Point SHOULD derive its connection URL. This OCPP-J endpoint URL can be any URL with a "ws"or "wss" scheme. How the Charge Point obtains an OCPP-J endpoint URL is outside of the scope of thisdocument.

To derive its connection URL, the Charge Point modifies the OCPP-J endpoint URL by appending to thepath first a '/' (U+002F SOLIDUS) and then a string uniquely identifying the Charge Point. This uniquelyidentifying string has to be percent-encoded as necessary as described in [RFC3986].

Example 1: for a charge point with identity “CP001” connecting to a Central System with OCPP-Jendpoint URL "ws:///ocpp" this would give the following connection URL:ws:///ocpp/CP001

6

欧美AC充电桩通讯协议OCPP

Example 2: for a charge point with identity “RDAM 123” connecting to a Central System with OCPP-Jendpoint URL "wss:///ocppj" this would give the following URL:wss:///ocppj/RDAM%20123

3.1.2. OCPP version

The exact OCPP version MUST be specified in the Sec-Websocket-Protocol field. This SHOULD be one ofthe following values:Table 1: OCPP Versions

The ones for OCPP 1.2, 1.5 and 2.0 are official WebSocket subprotocol name values. They are registeredas such with IANA.

Note that OCPP 1.2 and 1.5 are in the list. Since the JSON over WebSocket solution is independent of theactual message content the solution can be used for older OCPP versions as well. Please keep in mindthat in these cases the implementation should preferably also maintain support for the SOAP basedsolution to be interoperable.

It is considered good practice to include the OCPP version as part of the OCPP-J endpoint URL string. Ifyou run a web service that can handle multiple protocol versions on the same OCPP-J endpoint URLthis is not necessary of course.

3.1.3. Example of an opening HTTP request

The following is an example of an opening HTTP request of an OCPP-J connection handshake:

7

欧美AC充电桩通讯协议OCPP

GET /webServices/ocpp/CP3211 HTTP/1.1Host: :33033Upgrade: websocketConnection: Upgrade

Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==Sec-WebSocket-Protocol: ocpp1.6, ocpp1.5Sec-WebSocket-Version: 13

The bold parts are found as such in every WebSocket handshake request, the other parts are specific tothis example.

In this example, the Central System’s OCPP-J endpoint URL is"ws://:33033/webServices/ocpp". The Charge Point’s unique identifier is "CP3211", sothe path to request becomes "webServices/ocpp/CP3211".

With the Sec-WebSocket-Protocol header, the Charge Point indicates here that it can use OCPP1.6J andOCPP1.5J, with a preference for the former.

The other headers in this example are part of the HTTP and WebSocket protocols and are not relevantto those implementing OCPP-J on top of third-party WebSocket libraries. The roles of these headers areexplained in [RFC2616] and [RFC6455].

3.2. Server response

Upon receiving the Charge Point’s request, the Central System has to finish the handshake with aresponse as described in [RFC6455].

The following OCPP-J-specific conditions apply:

If the Central System does not recognize the charge point identifier in the URL path, it SHOULDsend an HTTP response with status 404 and abort the WebSocket connection as described in[RFC6455].

If the Central System does not agree to using one of the subprotocols offered by the client, it MUSTcomplete the WebSocket handshake with a response without a Sec-WebSocket-Protocol header andthen immediately close the WebSocket connection.

So if the Central System accepts the above example request and agrees to using OCPP 1.6J with theCharge Point, the Central System’s response will look as follows:

8

欧美AC充电桩通讯协议OCPP

HTTP/1.1 101 Switching ProtocolsUpgrade: websocketConnection: Upgrade

Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=Sec-WebSocket-Protocol: ocpp1.6

The bold parts are found as such in every WebSocket handshake response, the other parts are specificto this example.

The roleof the Sec-WebSocket-Accept header is explained in [RFC6455].

The Sec-WebSocket-Protocol header indicates that the server will be using OCPP1.6J on this connection.

3.3. More information

For those doing their own implementation of the WebSocket handshake, [WS] and [WIKIWS] give moreinformation on the WebSocket protocol.

4. RPC framework

4.1. Introduction

A websocket is a full-duplex connection, simply put a pipe where data goes in and data can come outand without a clear relation between in and out. The WebSocket protocol by itself provides no way torelate messages as requests and responses. To encode these request/response relations we need a smallprotocol on top of WebSocket. This problem occurs in more use cases of WebSocket so there areexisting schemes to solve it. The most widely-used is WAMP (see [WAMP]) but with the current versionof that framework handling RPCs symmetrically is not WAMP compliant. Since the requiredframework is very simple we decided to define our own framework, inspired by WAMP, leaving outwhat we do not need and adding what we find missing.

Basically what we need is very simple: we need to send a message (CALL) and receive a reply(CALLRESULT) or an explanation why the message could not be handled properly (CALLERROR). Forpossible future compatibility we will keep the numbering of these message in sync with WAMP. Ouractual OCPP message will be put into a wrapper that at least contains the type of message, a uniquemessage ID and the payload, the OCPP message itself.

9

欧美AC充电桩通讯协议OCPP

4.1.1. Synchronicity

A Charge Point or Central System SHOULD NOT send a CALL message to the other party unless all theCALL messages it sent before have been responded to or have timed out. A CALL message has beenresponded to when a CALLERROR or CALLRESULT message has been received with the message ID ofthe CALL message.

A CALL message has timed out when: it has not been responded to, and

an implementation-dependent timeout interval has elapsed since the message was sent.

Implementations are free to choose this timeout interval. It is RECOMMENDED that they take intoaccount the kind of network used to communicate with the other party. Mobile networks typically havemuch longer worst-case round-trip times than fixed lines.

The above requirements do not rule out that a Charge Point or Central System will

NOTE

receive a CALL message from the other party while it is waiting for a CALLERROR orCALLRESULT. Such a situation is difficult to prevent because CALL messages from bothsides can always cross each other.

4.1.2. Character encoding

The whole message consisting of wrapper and payload MUST be valid JSON encoded with the UTF-8(see [RFC3629]) character encoding.

Note that all valid US-ASCII text is also valid UTF-8, so if a system sends only US-ASCII text, all messagesit sends comply with the UTF-8 requirement. A Charge Point or Central System SHOULD only usecharacters not in US-ASCII for sending natural-language text. An example of such natural-language textis the text in the LocalizedText type in OCPP 2.0.

4.1.3. The message type

To identify the type of message one of the following Message Type Numbers MUST be used.Table 2: Message types

When a server receives a message with a Message Type Number not in this list, it SHALL ignore themessage payload. Each message type may have additional required fields.

10

欧美AC充电桩通讯协议OCPP

4.1.4. The message ID

The message ID serves to identify a request. A message ID for a CALL message MUST be different fromall message IDs previously used by the same sender for CALL messages on the same WebSocketconnection. A message ID for a CALLRESULT or CALLERROR message MUST be equal to that of theCALL message that the CALLRESULT or CALLERROR message is a response to.Table 3: Unique Message ID

4.2. Message structures for different message types

You may find the charge point identity missing in the following paragraphs. The

NOTE

identity is exchanged during the WebSocket connection handshake and is a property ofthe connection. Every message is sent by or directed at this identity. There is thereforeno need to repeat it in each message.

4.2.1. Call

A Call always consists of 4 elements: The standard elements MessageTypeId and UniqueId, a specificAction that is required on the other side and a payload, the arguments to the Action. The syntax of acall looks like this:

[<MessageTypeId>, "<UniqueId>", "<Action>", {<Payload>}]Table 4: Call Fields

11

欧美AC充电桩通讯协议OCPP

For example, a BootNotification request could look like this:

4.2.2. CallResult

If the call can be handled correctly the result will be a regular CallResult. Error situations that arecovered by the definition of the OCPP response definition are not considered errors in this context.They are regular results and as such will be treated as a normal CallResult, even if the result isundesirable for the recipient.

A CallResult always consists of 3 elements: The standard elements MessageTypeId and UniqueId and apayload, containing the response to the Action in the original Call. The syntax of a call looks like this:[<MessageTypeId>, "<UniqueId>", {<Payload>}]Table 5: CallResult Fields

12

欧美AC充电桩通讯协议OCPP

For example, a BootNotification response could look like this:

4.2.3. CallError

We only use CallError in two situations:

1.An error occurred during the transport of the message. This can be a network issue, an availabilityof service issue, etc.

2.The call is received but the content of the call does not meet the requirements for a propermessage. This could be missing mandatory fields, an existing call with the same unique identifier isbeing handled already, unique identifier too long, etc.

A CallError always consists of 5 elements: The standard elements MessageTypeId and UniqueId, anerrorCode string, an errorDescription string and an errorDetails object. The syntax of a call looks likethis:

[<MessageTypeId>, "<UniqueId>", "<errorCode>", "<errorDescription>", {<errorDetails>}]Table 6: CallError Fields

Table 7: Valid Error Codes13

欧美AC充电桩通讯协议OCPP

5. Connection

5.1. Compression

Since JSON is very compact we recommend not to use compression in any other form than allowed aspart of the WebSocket [RFC6455] specification. Otherwise it may compromise interoperability.

5.2. Data integrity

For data integrity we rely on the underlying TCP/IP transport layer mechanisms.

5.3. WebSocket Ping in relation to OCPP Heartbeat

The WebsSocket specification defines Ping and Pong frames that are used to check if the remoteendpoint is still responsive. In practice this mechanism is also used to prevent the network operatorfrom quietly closing the underlying network connection after a certain period of inactivity. Thiswebsocket feature can be used as a substitute for most of the OCPP Heartbeat messages, but cannot

14

欧美AC充电桩通讯协议OCPP

replace all of its functionality.

An important aspect of the Heartbeat response is time synchronisation. The Ping and Pong framescannot be used for this so at least one original Heartbeat message a day is recommended to ensure acorrect clock setting on the Charge Point.

5.4. Reconnecting

When reconnecting a charge point should not send a BootNotification unless one or more of theelements in the BootNotification have changed since the last connection. For the previous SOAP basedsolutions this was considered good practice but when using WebsSocket the server can already makethe match between the identity and a communciation channel at the moment the connection isestablished. There is no need for an additional message.

5.5. Network node hierarchy

The physical network topology is not influenced by a choice for JSON or SOAP. In case of JSON howeverthe issues with Network Address Translation (NAT) have been resolved by letting the Charge Pointopen a TCP connection to the Central System and keeping this connection open for communicationinitiated by the Central System. It is therefore no longer necessary to have a smart device capable ofinterpreting and redirecting SOAP calls in between the Central System and the Charge Point.

6. Security

Two approaches exist for security with OCPP-J. Either one can rely on network-level security, or oneuses OCPP-J over TLS. Both approaches are described below.

It is important that at all times, one of these approaches is used. Practically, this means that a CentralSystem SHOULD NOT listen for incoming unencrypted OCPP-J connections from the internet.

6.1. Network-level security

For security one MAY rely on the security at a network level. This has historically been done withOCPP-S, and on networks that are set up appropriately one can also use OCPP-J without additionalencryption or authentication measures.

6.2. OCPP-J over TLS

Sometimes however a secured network is not available between Charge Point and Central System. Inthat case one can use OCPP-J over TLS. This section explains how this is done.

The security needed for OCPP communication actually consists of two separate features: encryptionand charge point authentication.

15

欧美AC充电桩通讯协议OCPP

Encryption means that the OCPP messages are encrypted so no unauthorized third party can see themessages exchanged.

Charge point authentication means that Central System can verify the identity of a charge point, so thatno unauthorized third party can pretend to be a charge point and send malicious messages to a centralsystem.

6.2.1. Encryption

The industry standard for encryption on the internet is Transport Layer Security (TLS) [RFC5246].Therefore OCPP is also adopting protocol for encrypting the connection between Central System andCharge Point. TLS with WebSocket is widely supported by libraries and for clients should be hardlymore difficult than using unencrypted WebSocket.

When using TLS, the central system MAY also provide a signed certificate that a charge point can use toverify the central system’s identity.

As some Charge Point implementations are using embedded systems with limited computingresources, we impose an additional restriction on the TLS configuration on the server side: The TLS certificate SHALL be an RSA certificate with a size no greater than 2048 bytes

6.2.2. Charge point authentication

For authentication, OCPP-J over TLS uses the HTTP Basic authentication scheme ([RFC2617]). Therelatively simple HTTP Basic authentication can be used because the connection is already TLS-encrypted, so there is no need to encrypt the credentials a second time.

When using HTTP Basic authentication, the client, i.e. the Charge Point, has to provide a username andpassword with its request. The username is equal to the charge point identity, which is the identifyingstring of the charge point as it uses it in the OCPP-J connection URL. The password is a 20-byte key thatis stored on the charge point.Example

If we have a charge point with: charge point identity "AL1000"

authorization key 0001020304050607FFFFFFFFFFFFFFFFFFFFFFFFthe HTTP authorization header should be:

Authorization: Basic QUwxMDAwOgABAgMEBQYH////////////////A note on encryption

The authentication mechanism via HTTP Basic Authentication is meant to be used on TLS-encrypted

16

欧美AC充电桩通讯协议OCPP

connections. Using this mechanism on an unencrypted connection means that anyone who can see thenetwork traffic between Charge Point and Central System can see the charge point credentials, and canthus impersonate the Charge Point.Setting the charge point’s credentials

For this charge point authentication scheme, the charge point needs to have an authentication key.This authentication key has to be transferred onto the charge point in some way. What is a good waydepends on the business model of the charge point manufacturer and central system operator.

Setting during or before installation

The desired, secure situation is that every charge point has its own, unique authorization key. If anauthorization key is not unique, an attacker who discovers the authorization key of a single chargepoint can impersonate many or even all charge points in an operator’s Central System.

The simplest way to achieve this is to install the authorization key on the charge point duringmanufacture or installation. In these cases, the key will be securely communicated between the centralsystem operator and installer or manufacturer by communication channels outside of OCPP. Thisscenario is secure because the key is not sent over the channel it is meant to secure, so an attackereavesdropping the connection between Charge Point and Central System cannot impersonate theCharge Point.

Setting the key over OCPP

If the processes of manufacturing, sale and installation of a charge point are not under the centralsystem operator’s control, there is no way to put a unique key on each individual charge point and alsomake sure the central system operator knows these keys and the charge points they belong to. For suchscenarios, it is desirable for all charge points of a series to have the same "master" key when they leavethe factory and are installed, or to have keys that are derived from the charge point identity by thesame algorithm. Still the Central System operator will want to keep adversaries from impersonating allcharge points of a series if the master key is leaked. For this use case, there is a possibility for theCentral System to send a unique key to the charge point via OCPP after charge point installation.To set a charge point’s authorization key via OCPP, the Central System SHALL send the Charge Point aChangeConfiguration.req message with the key AuthorizationKey and as the value a 40-characterhexadecimal representation of the 20-byte authorization key. If the Charge Point responds to thisChangeConfiguration.req with a ChangeConfiguration.conf with status Accepted, the Central SystemSHALL assume that the authorization key change was successful, and no longer accept the credentialspreviously used by the charge point. If the Charge Point responds to the ChangeConfiguration.req witha ChangeConfiguration.conf with status Rejected or NotSupported, the Central System SHALL keepaccepting the old credentials. While the Central System SHALL still accept an OCPP-J connection fromthe Charge Point in this case, it MAY treat the Charge Point’s OCPP messages differently, e.g. by notaccepting the Charge Point’s boot notifications.

17

欧美AC充电桩通讯协议OCPP

The charge point should not give back the authorization key in response to a GetConfiguration request.It can either not report the AuthorizationKey key at all or give back a value that is not related to theactual authorization key.

Note that while sending a key over the channel to be secured is normally considered a bad practice, webelieve it is appropriate here to at least offer the possibility to do so. Typically the authorization keywill be set when a charge point is first 'on-boarded' in the central system. If the charge point then laterproduces the key that was set during on-boarding, it at least means this is the same system thatconnected during the on-boarding. While it may be possible to successfully on-board a spoofed newcharge point to an adversary who knows the single "master" key for all new charge points, it is not

18

欧美AC充电桩通讯协议OCPP

possible to pretend to be an already-installed and operating charge point. This makes still makes anumber of conceivable attacks impossible:

"reservation" of a charge point by spoofing messages marking it as occupied

marking your just-started session on a public charge point as stopped so you won’t have to pay asmuch

sending many spoofed transactions and/or errors from already on-boarded charge points toconfuse a central system operator’s operations

send spoofed transactions with another person’s token ID to the central system to incur financialdamage to the token ID’s owner

It is RECOMMENDED that the Central System operator makes setting the authorization key part of acharge point onboarding procedure, using the new OCPP 1.6 Pending value of the registration status inBootNotification.conf. A newly-connecting Charge Point will first get a Pending registration status on itsfirst BootNotification.conf. The Central System will then set the Charge Point’s unique authorization keywith a ChangeConfiguration.req. Only when this ChangeConfiguration.req has been responded to with aChangeConfiguration.conf with a status of Accepted, will the Central System respond to a bootnotification with an Accepted registration status.

It is RECOMMENDED that the Central System operator checks for anomalies in the newly-connectingcharge points. Thus he can try to detect if an attacker has managed to steal the master key or keyderivation algorithm, and a list of registered charge point identities. For example, if the rate at whichnew charge points connect suddenly increases, this may indicate an attack.Storing the credentials

It is important that the credentials are stored on the Charge Point in such a way that they are not easilylost or reset. If the credentials are lost, erased or changed unilaterally, the Charge Point can no longerconnect to the Central System and requires on-site servicing to install new credentials.

On the Central System side, it is RECOMMENDED to store the authorization key hashed, with a uniquesalt, using a cryptographic hash algorithm designed for secure storage of passwords. This makes surethat if the database containing the charge points' authorization keys is leaked, the attackers still cannotauthenticate as the charge points to the Central System.

6.2.3. What it does and does not secure

The scope of these security measures is limited to authentication and encryption of the connectionbetween Charge Point and Central System. It does not address every current security issue in the EVCharging IT landscape.

It does provide the following things:

authentication of the Charge Point to the Central System (using HTTP Basic Authentication) encryption of the connection between Charge Point and Central System

19

本文来源：https://www.bwwdw.com/article/4xm4.html