Why public key infrastructures (PKIs) (specifically) are important for EV charging

As electric vehicles (EVs) are becoming increasingly popular, their charging infrastructure (EV Charging) requires particular attention to safety, reliability and simplicity. This charging infrastructure is based on a technology called Public Key Infrastructure (PKI). In this blog post, we will get to know PKIs together, explore related concepts such as “Chain of Trust” and explain how they are used in the innovative Plug & Charge (PnC) for EV Charging.

Today, the Internet is fundamentally based on PKIs and the Chain of Trust to enable secure communication and data transfers. Every time you visit a website that uses HTTPS, you benefit from PKIs. If you see a padlock in your address bar, it means that the website's identity has been verified by a trusted “Certificate Authority” (CA) and that the connection to the server is encrypted. The same technology is also used in online banking, e-commerce, secure e-mail and various other online services and guarantees data integrity, confidentiality and authenticity.

If you are not yet very familiar with PKIs and the Chain of Trust, the next sections look at what they are and how they work.


What is a PKI?

Think of a PKI like a bouncer at a busy restaurant who checks everyone's ID. A PKI is a framework of policies, technologies, and processes used to create, manage, distribute, use, store, and revoke digital IDs (certificates). It is based on the concept of key pairs, in which public keys are freely shared and private keys are kept secret. In addition, there are digital certificates, issued by a certificate authority, that bind a public key to an identity. As a result, ownership is represented in the digital world. With PKIs, you can send messages securely, knowing that they can only be read by the intended recipient and that the message actually comes from you.

Chain of Trust

PKIs are based on the “chain of trust” concept. Think of the Chain of Trust as a family tree that shows the lineage of digital certificates (see Figure 1). The chain always starts with a root certificate authority (root CA). This is a trusted organization that issues digital certificates. The root CA certificate is signed by the root CA itself and is widely recognized. Intermediate CAs (so-called sub-CAs, which sit between the root CA and the end entities) receive their certificates from the root CA. As a result, they too are trustworthy. These in turn issue certificates for end entities, such as servers, users or devices. The result is a hierarchical structure that ensures that a digital certificate can always be traced back to the root CA via the sub-CAs: the so-called chain of trust. It is validated by verifying every digital certificate on it, which ensures that every link in the chain is genuine and trustworthy.

Figure 1: The players in the e-mobility market and their PKIs as defined in ISO 15118.

ISO 15118 and Plug & Charge technology

Plug&Charge technology was introduced in the ISO 15118 standard. It revolutionizes EV charging through automatic authentication and billing without the need for a card, an app or manual input. PnC was recently expanded to include full handshakes, which allow EVs and EV charging infrastructure (EV Supply Equipment, EVSE) to be automatically authenticated. To this end, the ISO standard establishes a communication protocol between EVs and charging stations, which specifies how information can be exchanged securely and efficiently. This protocol is heavily based on PKIs.

Figure 2: Example of a handshake for exchanging CPO certificates between EV and charging station.

As can be seen in Figure 2, trust is anchored in a so-called “vehicle-to-grid” (V2G) root CA, which must be recognized as trustworthy by all organizations on the market. As usual for a chain of trust, the digital certificates for charging stations are issued via any intermediate CAs. The EVSE and sub-CA certificates are exchanged during a TLS handshake, which then opens a secure communication channel for the PnC session. The EV can then verify the digital signatures of all certificates using the pre-installed V2G root certificate and join the communication channel.
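The chain check described above, as an added example (not from the original post or from ISO 15118): a throwaway PKI built with the openssl CLI, plus the EV-side verification that trusts only the pre-installed root and treats everything received in the handshake as untrusted input. The subject names, the single sub-CA level, the 30-day lifetimes and the P-256 keys are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: names, lifetimes and the P-256 curve are assumptions.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# issue NAME SUBJECT ISSUER KIND -> $WORK/NAME.key and $WORK/NAME.pem
# ISSUER "self" creates a self-signed root; KIND is CA or LEAF.
issue() {
  local name="$1" subj="$2" issuer="$3" kind="$4" ext="$WORK/$1.ext"
  if [ "$kind" = CA ]; then
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$ext"
  else
    printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > "$ext"
  fi
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$name.key" 2>/dev/null
  openssl req -new -key "$WORK/$name.key" -subj "/CN=$subj" -out "$WORK/$name.csr" 2>/dev/null
  if [ "$issuer" = self ]; then
    openssl x509 -req -in "$WORK/$name.csr" -signkey "$WORK/$name.key" \
      -days 30 -extfile "$ext" -out "$WORK/$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/$issuer.pem" -CAkey "$WORK/$issuer.key" \
      -CAcreateserial -days 30 -extfile "$ext" -out "$WORK/$name.pem" 2>/dev/null
  fi
}

# ev_verify ROOT LEAF [CA...]: the EV's check. Only ROOT is a trust anchor;
# the CA certificates received in the handshake are used for path building only.
ev_verify() {
  local root="$1" leaf="$2"; shift 2
  if [ $# -gt 0 ]; then
    for ca in "$@"; do cat "$WORK/$ca.pem"; done > "$WORK/handshake_cas.pem"
    openssl verify -CAfile "$WORK/$root.pem" \
      -untrusted "$WORK/handshake_cas.pem" "$WORK/$leaf.pem"
  else
    openssl verify -CAfile "$WORK/$root.pem" "$WORK/$leaf.pem"
  fi >/dev/null 2>&1
}

issue v2g_root   "Demo V2G Root CA" self       CA
issue cpo_sub    "Demo CPO Sub-CA"  v2g_root   CA
issue evse       "Demo EVSE"        cpo_sub    LEAF
issue rogue_root "Rogue Root CA"    self       CA
issue rogue_evse "Demo EVSE"        rogue_root LEAF

ev_verify v2g_root evse cpo_sub && echo "accepted: EVSE chains to the V2G root"
ev_verify v2g_root evse || echo "rejected: sub-CA missing from the handshake"
ev_verify v2g_root rogue_evse rogue_root || echo "rejected: root sent in handshake is not trusted"
```

The third case is the one worth remembering: a root certificate delivered in the handshake never becomes a trust anchor, no matter what subject name the leaf carries.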

In order to start a charging process afterwards, the vehicle must first present a contract certificate, which is linked to a settlement account via a so-called e-mobility account identifier (EMAI). This certificate is issued by a Mobility Operator (MO) and makes it possible to authorize the EV to charge.

ISO 15118 now specifies exactly this communication between EVs and charging stations. However, there are additional players, such as mobility operators, charge point operators and vehicle manufacturers, who must also communicate with each other. In order to represent these interactions in a technically coherent manner, the VDE Application Guide VDE-AR-E 2802-100-1 was created. This describes these interactions and is a blueprint for the PnC ecosystem (see Figure 3). Companies such as Hubject or e-clearing.net are building the necessary infrastructure for this.

Figure 3: Overview of the processes involved in issuing contract certificates. (Source: VDE-AR-E 2802-100-1 via https://www.switch-ev.com)

Figure 3 can be interpreted as follows: Vehicle manufacturers (OEMs) equip their vehicles with Provisioning Certificate Identifiers (PCID). The PCID can then be stored in a contract with a mobility operator. The MO is then responsible for depositing certificates (including payment information) with the Certificate Provisioning Service. This service organizes the provision of certificates to OEMs and CPOs. All these actors work closely together to ensure the smooth functioning of the ecosystem.

These high implementation costs bring considerable benefits for end customers:

  • Higher security: PKIs ensure that only authenticated and authorized vehicles and charging stations can interact. This reduces the risk of unwanted access and cyber attacks.
  • Convenience: PnC simplifies the entire charging process, as EVs simply need to be plugged in to start charging. RFID cards or apps are becoming superfluous.
  • Trust and reliability: The solid technological basis of chain of trust and PKIs ensures a secure and reliable system. This creates trust in the EV charging infrastructure.

There are also benefits for CPOs:

  • Greater efficiency: Less customer support means lower operating costs.
  • Scalability: The charging network can be expanded more easily, as less manual work is involved during operation.
  • Integration with smart grids: Energy management, in the sense of load balancing in the power grid, becomes possible. This ensures greater sustainability.

Conclusion

As electric vehicles become more widespread, so does the need for safe and user-friendly charging options. PKIs are a solid basis for implementing safe, reliable and convenient charging in line with Plug&Charge technology. It is now the responsibility of all market participants to make their contribution to the implementation of these technologies in order to create a sustainable charging ecosystem as quickly as possible.

Viktor
Senior Backend Engineer
