WSS security protocol for OCPP 1.6

OCPP 1.6 introduced WebSocket Secure (WSS) as a key security feature for communication between charging stations and central management systems. Here are the main aspects of the WSS security protocol in OCPP 1.6:

WSS security protocol for OCPP 1.6

Transport Layer Security (TLS)

OCPP 1.6 uses TLS to encrypt communications, preventing eavesdropping and data tampering during transmission. Implementation requires:

  • Configuring WebSocket over TLS (WSS) connections
  • Using TLS 1.2 or higher with industry-standard encryption algorithms
  • Installing server certificates on the gateway to verify identity and establish secure connections

Authentication Mechanisms

OCPP 1.6 defines three security profiles with different levels of authentication:

  1. Security Profile 1: Password-only client authentication
  2. Security Profile 2: Server certificate verification for CSMS identity + password for client authentication
  3. Security Profile 3: Mutual authentication with client certificates

Secure Firmware Updates

The protocol supports encrypted remote firmware updates:

  • Firmware update requests are transmitted via TLS
  • Integrity and signature verification ensure the firmware’s authenticity

Security Event Logging

OCPP 1.6 supports logging security-related events, such as:

  • Authentication failures
  • TLS connection establishment or disconnection

Local Authorization List

To enhance system reliability, OCPP 1.6 allows charging stations to use a Local Authorization List for offline authentication.

WebSocket Ping/Pong

OCPP 1.6 utilizes WebSocket Ping and Pong frames to check if remote endpoints are still responsive, similar to heartbeat messages. This feature can be configured using the WebSocketPingInterval key:

  • 0: Disables client WebSocket Ping/Pong (client can still reply to Pong)
  • 0: Specifies the interval in seconds for client pings

By implementing these security features, OCPP 1.6 provides robust protection for charging infrastructure while meeting industry requirements for communication security. Shenzhen Wisewish Technology’s OCPP protocol 4G gateway supports the WSS security protocol, ensuring the safety of charging stations!

admin