Authorization
1. Intro
Authorization is needed to restrict access to EV charging infrastructure to a select group of EV owners. The Charge Controller supports three major authorization flows:
- Free Charging: Allows unrestricted initiation of charging sessions
- Local Authorization: Authorize charging sessions based on local authentication rules
- Remote Authorization: Authorize charging sessions through an OCPP Backend
Können die Authorization Methoden gleichzeitig sinnvoll genutzt werden? Wenn ja, wie sehen da die Interaktionen zu aus?
2. Hardware prerequisites
Your Charging Station requires at least one RFID-capable hardware component to allow for local and remote authorization flows.
The following RFID modules are available to add authorization support:
| Model | Compatible Charge Controller models | |
|---|---|---|
| RFID117-L1 | (all variants) CC612 CC613 | product page |
| RFID114 | product page | |
| RFID105-L1 | product page | |
| RFID110 | contact Bender sales | |
| HMI150 | (all variants) CC612 CC613 ICC1324 ICC1314 | product page |
| HMI145 | product page | |
| HMI140 | product page |
2.1. Master-Slave setup considerations
Two RFID setups are supported on Double Charging Stations:
- One shared RFID module (Master-Slave)
- Two individually controlled RFID modules
3. Free Charging
Free Charging allows anyone to charge their EV vehicle at any time and at no cost for the EV driver.
3.1. Relevant parameters
| Scope | Location in Configuration Interface | Parameter | Possible values | Info |
|---|---|---|---|---|
| Operator | AUTHORIZATION > Free Charging | Free Charging |
| |
| Operator | AUTHORIZATION > Free Charging | Free Charging Mode |
| see here for an in-depth explanation |
| Operator | AUTHORIZATION > Free Charging | RFID Tag for Free Charging with OCPP Full, fixed rfid modes | only relevant for these modes:
| The tag used to communicate to the OCPP Backend in some of the Free Charging modes (see here for when and how it's used) |
3.2. Enable
- In the Configuration Interface, under AUTHORIZATION > Free Charging, set
Free ChargingtoOn - Set
Free Charging ModetoNo OCPP - At the bottom of the Configuration Interface, click , then click to apply the changes
3.3. Modes
Free Charging comes with several modes to choose from. The base functionality stays the same. The one thing that changes is the active OCPP communication from the Charge Controller for monitoring and reporting purposes. The OCPP functions affected by the active Free Charging mode are:
StatusNotificationTransactionNotificationMeterValueAuthorizeStartTransactionStopTransaction
| Free Charging mode | RFID behavior | Inactive OCPP functions | Transmitted transaction ID | Power outlet cover interaction (if applicable) |
|---|---|---|---|---|
No OCPP |
|
| None | Any RFID tag must be scanned to release the cover |
With OCPP status notif without auth |
|
| None | |
With OCPP status notif with auth |
|
| Scanned RFID tag | |
With OCPP Full fixed RFID with auth |
|
| Rfid Tag for Free Charging with OCPP Full, fixed rfid modes(see here) or ID token from the Backend | |
With OCPP Full fixed RFID without auth |
|
| Rfid Tag for Free Charging with OCPP Full, fixed rfid modes(see here) | |
With OCPP Full any RFID |
|
| Scanned RFID tag or ID token from the Backend |
3.4. Free Charging mode decision chart
Use the following chart to help choose the Free Charging Mode that makes most sense for your situation.
4. Local Authorization
Local Authorization is an authorization feature that works independently of Remote Authorization and Free Charging.
Local authorization is managed through the Local Whitelist.
4.1. Local Whitelist
The Local Whitelist is a backend-independent list, which is stored exclusively on the Charge Controller. UIDs which are entered in this list are always authorized for loading. There is no interaction between the OCPP Backend and the Local Whitelist.
4.2. Enable
- Make sure that the following parameters are set like so:
| Scope | Location in Configuration Interface | Parameter | Value |
|---|---|---|---|
| Operator | AUTHORIZATION > RFID Whitelists | Enable local whitelist | On |
4.2.1. Managing the Local Whitelist
The Local Whitelist can be populated with various elements:
| Type | Characteristics | Example | Info |
|---|---|---|---|
| RFID tag | Main type of ID used with the Local Whitelist | 0460558A565F80 | |
| MAC address | Used in tandem with Autocharge | 1A:2B:3C:4D:00:00 | |
| AUTH_INPUT | Special tag used in tandem with the Auth Input authorization feature (documentation is being worked on) | AUTH_INPUT |
4.2.1.0.1. Adding RFID entries to the Local Whitelist
- add a single entry
- import entries in bulk
- Scan RFID cards
- Under WHITELISTS > Local Whitelist, click
- Enter the desired UID
- Click
- Under WHITELISTS > Local Whitelist, click
- Choose a CSV-file filled with IDs
The Local Whitelist should now contain the new IDs.
CSV column order
| Column | Field |
|---|---|
| 1 | UID |
| 2 | Connector number |
| 3 | Name |
CSV examples
839B0E0A
839B0E0B
839B0E0C
839B0E0A,1,name
839B0E0B,2,name
839B0E0C,2,name
- Under WHITELISTS > Local Whitelist, click . This activates the RFID learning mode
- Read the RFID card you'd like to add to the Whitelist through the RFID card scanner
- Repeat step 3 for any additional cards
- Click
The Local Whitelist should be populated with the new IDs.
4.2.1.1. Authorization on Double Charging Stations
Use-case: You want to authorize a UID on just one of two Charge Controllers inside a Double Charging Station.
- Add
_1to the end of a UID to authorize it only on the master Charge Controller - Add
_2to the end of a UID to authorize it only on the slave Charge Controller
4.2.1.1.1. Example
| UID | Effect |
|---|---|
839B0E0A | Authorize on both Charge Controllers |
839B0E0A_1 | Authorize on the master Charge Controller only |
839B0E0A_2 | Authorize on the slave Charge Controller only |
4.2.2. Whitelisting through OCPP
4.2.2.1. Intro
The OCPP Whitelist is a local cache of the backend on the Charging Station. Here, all RFIDs from authorized charge cards by the backend can be transferred to the Charging Station periodically. This is to ensure that a charging process can be authorized even if the Charging Station cannot establish a connection to the Backend. In addition, the cache allows authorization to take place much more quickly. If this option is deactivated, a request is made to the backend every time a request is made to the Charging Station (i.e. whenever an RFID is presented to the RFID reader). Only when this is accepted, the charging process is authorized.
4.2.2.2. Configuration
To enable the OCPP whitelist:
- Configure the following parameters:
| Scope | Location in Configuration Interface | Parameter | Value | Info |
|---|---|---|---|---|
| Operator | AUTHORIZATION > RFID Whiteliste | Enable OCPP Whitelist | On |
In the List of entries in OCPP whitelist (also List of entries in cache) then all UIDs released by the backend are cached. In which intervals this list is updated depends on the respective backend.
We recommend not to make any changes in this list, as they will be overwritten during the next synchronization. In certain cases it may be useful to delete the entire list. To do this, remove all numbers in the list and save the change with Save & Restart.
4.2.2.3. Refreshing the OCPP Whitelist cache
In the parameter OCPP Whitelist expiry mode you can select if the Charging Station should delete entries of the cache by itself.
| Scope | Location in Configuration Interface | Parameter | Value | Effect |
|---|---|---|---|---|
| Operator | AUTHORIZATION > General | OCPP Whitelist expiry mode | End of epoch 2038 (default) | (default value) the controller is configured to expire cache entries on the latest possible date (12/31/2038). In practice, this means that the local memory entries are never cleared by the controller itself. Any changes to the cache are therefore made exclusively by the backend or manually. |
| Operator | AUTHORIZATION > General | One year from now | The cache will automatically expire one year after the last change. |
4.3. Manual authorization
through the Configuration Interface (Start Button)
- Use case
- Testing for electrician when you don’t want to set up RFID
- Authorization / Enable Charging button on Configuration Interface
5. Remote authorization
5.0.1. OCPP configuration options
- Local Pre Authorize
- Local Authorize Offline
- Send Authorize for RemoteStart
5.1. UID letter case
Take the display format into account when reading the UID. For our controller, the hexadecimal code must always be used. When entering the UIDs, the representation form must match the selection in the RFID Tag letter case field.
5.1.1. UID format examples
| format | Example UID |
|---|---|
| Lower case | 0a0e9b83 |
| Upper case | 0A0E9B83 |
6. Relevant parameters reference
Here is an overview on the general settings that affect how authorization is handled:
| Scope | Location in Configuration Interface | Parameter | Value | Info |
|---|---|---|---|---|
| Operator | AUTHORIZATION > Free Charging | Free Charging | ||
| Operator | AUTHORIZATION > Free Charging | Free Charging Mode | ||
| Operator | AUTHORIZATION > Free Charging | RFID Tag for Free Charging with OCPP Full, fixed rfid modes | ||
| Operator | AUTHORIZATION > Free Charging | RFID Tag for Free Charging with OCPP Full, fixed rfid modes (Connector 2) | ||
| Operator | AUTHORIZATION > Free Charging | If in doubt allow charging | Off | The charging process is not started until the Charging Station receives a response from the backend and the user has been authorized. In extreme cases, this will result in the user not being able to charge. |
On | In this case, the charging process is authorized even if there is no feedback from the back end. However, as soon as this occurs, the loading process is subsequently canceled if necessary. | |||
ImmediatelyWhenPlugged | Here, the charging process starts immediately after the charging cable is plugged in. The user's RFID is not checked until the charging station has reconnected to the back end. If necessary, the charging process is then aborted. The difference to "On" is that here no RFID has to be presented at all to start the charging process. | |||
| Operator | AUTHORIZATION > General | Vehicle connection timeout | ||
| Operator | AUTHORIZATION > General | Send Authorize for RemoteStart | ||
| Operator | AUTHORIZATION > General | Stop Transaction Mode | Normal | The cable is released and the transaction stopped when the cable is removed from the car or the RFID used to authorize the charging process is presented again. |
| Operator | AUTHORIZATION > General | Stop Transaction Mode | Stop only by unplugging | The transaction will not stop completely until the cable is removed from the Charging Station. |
| Operator | AUTHORIZATION > General | Stop Transaction Mode | Unlock only by RFID/RemoteStop | The charging transaction will not stop until the authorized RFID is presented again or an appropriate (remote stop) message is transmitted from the backend. **Caution: removing the cable from the Charging Station does not terminate the transaction. |
| Operator | AUTHORIZATION > General | Stop Transaction Mode | Normal + Mode D | Same as Normal, wowever, it is supplemented by two cases in which the transaction is also terminated. One is when the vehicle switches to the so-called charging mode D (see EN 62196 Type 2). This signals the vehicle that the battery is "outgassing". However, the problem of outgassing does not occur with lithium-ion batteries, which is why charging mode D never occurs in practice. Second, when a fault current is detected and the residual current device (RCD) trips. This immediately interrupts the power supply. However, using this option requires the RCD to communicate with the controller and signal when it has tripped. However, this is not the case with the Berlin Charging Station, for example. |
| Operator | AUTHORIZATION > General | Lock Actuator only if authorized | ||
| Operator | AUTHORIZATION > RFID Settings | Enable RFID | ||
| Operator | AUTHORIZATION > RFID Settings | RFID Tag letter case | ||
| Operator | AUTHORIZATION > RFID Settings | Language of Display | ||
| Operator | AUTHORIZATION > RFID Whitelists | Enable local whitelist | ||
| Operator | AUTHORIZATION > RFID Whitelists | Enable OCPP whitelist | ||
| Operator | AUTHORIZATION > RFID Whitelists | Local Pre Authorize | ||
| Operator | AUTHORIZATION > RFID Whitelists | Local Authorize Offline |
7. Appendix
7.1. RFID card support
7.1.1. Supported standards
- EV2-J
7.1.2. Supported cards
The Charge Controller family supports all Mifare variants:
- MIFARE Classic 1K/4K
- MIFARE Ultralight
- MIFARE Ultralight C
- MIFARE Plus S
- MIFARE Plus X
- MIFARE Plus SE
- MIFARE Plus EV2
- MIFARE DESFire
- MIFARE DESFire EV1
- MIFARE DESFire EV2
- MIFARE DESFire EV3
- MIFARE 2GO
- MIFARE SmartMX
7.1.3. Additional notes
- With the MIFARE DESFire EV2, we support the EV2-J
- Only the UID can be read
- Limited support for rolling UIDs. We advise against rolling UIDs
For increased security use EV2J.