Eichrecht

1. Eichrecht concept overview

Bender Charge Controller supports two approaches to achieve Eichrecht-compliant charging systems:

	Meter Eichrecht	Controller Eichrecht
Function	The meter cryptographically signs transaction-relevant meter values	Charge controller and meter a permanently combined – locked – to form a measuring system, in which the Controller cryptographically signs the meter values
Advantages	In comparison more service-friendly simpler system	Software updates to signing functionality to provide new functionality possible, both in factory and in the field Typically, more cost-effective solution
Disadvantages	Software updates to provide new functionality not possible in signing meters Software update of charge controller more easily possible less cost effective solution	Often higher effort in solution design as controller-meter-combination need to be sealed as well Less service-friendly compared to Meter Eichrecht Software update of controller operating system only possible as part of update of signing functionality
Controller Compability	All Charge Controller models (CC612, ICC1612, ICC1622, CC613, ICC1324, ICC1624)	CC612, CC613
Meter Compability	EMH eHZ Series K EMH eHZ Series B Eastron SDM630-EV Iskra WM3M4C NZR EcoCount 85 SL+S	Gossen Metrawatt EM2289 (Ava DZG DVH4013 DZG DWH4013 DZG DWH4113

2. Meter Eichrecht

2.1. General description

2.2. Hardware Requirements

• Any Bender Charge Controller with OCPP support
• Energy meter with support for signed meter values according to table below

Meter brand, model, type and firmware version	Supported functions	Support added in controller SW version	Recommended controller SW version
EMH eHZ Series K KW8E2A5L0EF0P FW: 0_2_0 - 123 -C_90_2 D6AE	SML-based signed data	4.61	5.32.0 or higher
EMH eHZ Series B eHZB-W14EK-0LHPG-D6-A5F1 FW:0_2_00 113001 C90_2.1 A9EE08	SML-based signed data	5.32.0	5.32.0 or higher
Eastron SDM630-EV	OCMF-based signed data Variant with cable loss factor available	5.33.0	5.33.0 or higher
Iskra WM3M4C	OCMF-based signed data Variant with cable loss factor available	5.33.0	5.33.0 or higher
NZR EcoCount 85 SL+S	OCMF-based signed data	5.33.0	5.33.0 or higher
NZR EcoCount 85 SL-SC	OCMF-based signed data Variant with cable loss factor available	5.33.0	5.33.3 or higher

2.3. Functionalities

3. Controller Eichrecht

3.1. General description

When a controller-meter combination is locked, the Eichrecht-relevant software (ER-data) is isolated from the other software (referred to as "Apps") of the charge controller, such as the main application. Detailed functionality descriptions can be provided for conformity assessment.

Both software parts can be updated. However, for the Eichrecht-relevant software, the update needs to be signed with a specific key (public or private). If the signature doesn't match, only the update for non-relevant software (Apps) is performed.

To ensure the Eichrecht-relevant software and the chosen configuration are original and approved, a hash value is calculated during system startup and compared to the expected hash (target hash) listed in the annex.

When locking, a unique public-private key pair is created. The public key can be retrieved from the charge controller through OCPP or the WebUI. For stations with two charge controllers, the keys are unique for each controller.

Eichrecht-relevant charging sessions will be digitally signed with the private key and can be verified using the SAFE Transparency software and the private key.

3.2. Hardware requirements

• the controller models CC612 and CC613 (excluding HEM variants) are supported
• the RCMB software version must be D0660 version 2.01
• Supported meter models (see in chapter Software versions)

3.3. Controller Software and Eichrecht equivalent

Controller Eichrecht versions are iterated separately. These versions require a certain set of files (ER-data) to be installed on the controller, that contain the preapproved software versions known to the Eichrecht certification bodies. The table shows the Eichrecht version achieved by locking the related controller software version.

Controller Software Version	Eichrecht
5.21.0	2.0.2
5.21.1	2.0.3
5.21.2	2.0.3
5.23.0	2.0.4
5.23.2	2.0.4
5.23.3	2.0.5
5.32.0	2.0.3
5.32.0	2.0.4
5.32.0	2.0.5
5.33.0	2.0.5

Controller Eichrecht versions are iterated separately. These versions require a certain set of files (ER-data) to be installed on the controller , that contain the preapproved software versions known to the Eichrecht certification bodies.

Eichrecht version	EVMD version	Supported meter
2.0.3	1.6.5	Gossen Metrawatt EM2289 DZG DVH4013-LCM DZG DWH4013-LCM
2.0.4		Gossen Metrawatt EM2289 DZG DVH4013-LCM DZG DWH4013-LCM DZG DWH4113
2.0.5		Gossen Metrawatt EM2289 DZG DVH4013-LCM DZG DWH4013-LCM DZG DWH4113

3.4. Functionalities

Controller Eichrecht offers the following features depending on the Eichrecht version. It is advised to use the latest Eichrecht version available for type approval.

Feature	Description	Setting	Support added
Cable loss factor	Any electrical component of the chargers adds electrical resistance and causes a voltage drop. The corresponding loss must not exceed 0.5% between the meter and the customer interface (outlet or plug of fixed charging cable). Chargers with fixed charging cables might exceed the limit. This option allows to correct the losses. .		2.0.3
Support for domestic sockets (Schuko)	Certain chargers provide combinations of two outlets for alternate use, like Type 2 socket outlets for EVs and domestic socket outlets (e.g., CEE 7/3 type E or CEE 7/5 type F outlets) for motorcycles. Setting: Enable 'Schuko' for chargers with Type 2/domestic outlet combinations.		2.0.4
Support for relative timestamps	Signed meter values contain an information on the quality of the timestamps. Meter values with relative time may be used to invoice the duration of the charging event as well. Setting: Informative timestamps (I) Relative timestamps (R)		2.0.4

3.5. Locking process

3.5.1. General description

Locking means, that the Charge Controller and the meter form a permanent system. Locking can be described as the software equivalent of sealing, in which two elements are combined permanently and later manipulation can be identified.

caution

When locking a meter to a controller, a data set that represents the locking result is written into a revision-safe memory. Once another meter is connected or another form of manipulation has been detected, the charge controller will permanently fall in a compromised state.

3.5.2. Requirements

A charge controller may be locked when the following preconditions are met:

• The charge controller meets the hardware requirements and has a software version installed, that supports Controller Eichrecht.
• A supported meter is connected on the internal Modbus of the charge controller.
• The Manufacturer set the meter to ‘Modbus Eichrecht’ (restart not needed).
• The charge controller has a current date/time set.
• A public key required for the locking process is present on the charge controller. For 5.21.x and 5.23.0, please provide the public key here: directory /root/public.key

The locking process will be executed with the command ‘er_lock’.

Example procedure:

• Log in to charge controller using SSH with user root: ‘ssh -O root@192.168.123.123’
• Set time in case the charge controller did not receive time from a connected backend or via NTP. For this use command ‘date -s “2023-10-01”’
• Execute the locking script depending on the Eichrecht version as indicated on the table below

info

In newer versions it is directly possible to lock from root. In older versions the full path to er_lock and the correct path to the public-key needs to be provided.

note

The locking process has been simplified with the software version 5.23.2 / 5.32.0 or later. In these versions the default public key is already present.

The following process describes the locking for a Bender Charge Controller CC613 with a DZG DVH4013 meter including informative timestamps and excluding Schuko support.

Software version	Locking command
SW 5.21.1 Eichrecht 2.0.3	er_lock -c ‘Messkapsel-2023.0001’ -p /root/public.key -l 1000 -m dzg
SW 5.23.0 Eichrecht 2.0.4	er_lock -c ‘Messkapsel-2023.0001’ -p /root/public.key -l 1000 -m dzg
SW 5.23.2 Eichrecht 2.0.4	er_lock DZG4013.L1000 ‚Messkapsel-2023.0001‘

3.5.3. Locking parameter with Eichrecht 2.0.3

Parameter		Description
-c --capsule_id	Mandatory parameter	Provides an identification for the measuring capsule for differentiation. The ID can be any string with up to 100 characters. Example: ‘-c MK-2023-000123-1’
-l --loss_factor	Mandatory parameter	The applicable cable loss factor, either 995 or 1000. Example: No cable-loss compensation: ‘-l 1000’ Active cable-loss compensation: ‘-l 995’
-p --public_key	Mandatory parameter	Public key used for updates of the Eichrecht-relevant software parts. The public key is alternatively provided as a path to the public key file or a string with the public key encoded as a hex or base64 string. Example: In case public key is in directory /root/public.key: ‘-p /root/public.key’
-m --meter_type	Mandatory parameter	Meter type connected, either 'gossen' or 'dzg'. Example: For DZG DVH4013: ‘-m dzg’
-h --hash	Optional parameter	Provides the expected target hash represented as 64 character long hex string. In case no string is provided, the target hash will be calculated by the system during locking and shown.

3.5.4. Locking parameter with Eichrecht 2.0.4 (version 5.23.0)

Parameter		Description
-c --capsule_id	Mandatory parameter	Provides an identification for the measuring capsule for differentiation. The ID can be any string with up to 100 characters. Example: ‘-c MK-2023-000123-1’
-l --loss_factor	Mandatory parameter	The applicable cable loss factor, either 995 or 1000. Example: No cable-loss compensation: ‘-l 1000’ Active cable-loss compensation: ‘-l 995’
-p --public_key	Mandatory parameter	Public key used for updates of the Eichrecht-relevant software parts. The public key is alternatively provided as a path to the public key file or a string with the public key encoded as a hex or base64 string. Example: In case public key is in directory /root/public.key: ‘-p /root/public.key’
-m --meter_type	Mandatory parameter	Meter type connected. Example: For DZG DVH4013 or DZG DWH4013: ‘-m dvh4013’ For DZG DWH4113: ‘-m dvh4013-2.19’
-h --hash	Optional parameter	Provides the expected target hash represented as 64 character long hex string. In case no string is provided, the target hash will be calculated by the system during locking and shown. Example: ‘-h 8effce70b6126e050e2420fffdbe38b6b8d65785784b4aeb81524fe0c0e3af37’
-r --relative		Enable relative timestamps in OCMF ("R" flag, see spec). Example: ‘-r’

3.5.5. Locking parameter with Eichrecht 2.0.4 and new versions

With software 5.23.2 and 5.32.0, the locking procedure has been improved for better clarity.

The locking command typically consists of the configuration parameter and the capsule-id parameter. It is still possible to provide another public key.

Examples:

• ‘er_lock DZG4013.L995 Messkapsel-2023.0001’ (DZG DVH4013 with loss compensation, with informative timestamps and without support for schuko)
• ‘er_lock DZG4113.L1000.R.S Messkapsel-2023.0001’ (DZH DWH4113 without loss compensation, with relative timestamps and with support for schuko connectors)

The configuration parameter consists of four parts, including two optional parts.

Mandatory parts:

• Meter type: DZG4013, DZG4113 or Gossen.
• Loss factor: L995 or L1000.

Optional parts:

• Type of time stamp: I (Informative, default) or R (Relative)
• Schuko support: Sn (without schuko support, default) or S (with schuko support)

A full list of all supported configurations may be obtained with ‘er_lock list’.

Optional parameter:

-p for a custom public key used for updates of the Eichrecht-relevant software parts. The public key is alternatively provided as a path to the public key file or a string with the public key encoded as a hex or base64 string.

Example: ‘er_lock -p manufacturer.key DZG4013.L995 Messkapsel-2023.0001’

4. Optimized production process

To speed up the production process, the procedure described below might be used.

4.0.1. Requirements

To speed up the production process, the procedure described below might be used.

• Charge controller with Firmware 5.12.1, 5.20.4 or 5.20.12
• Booted compatible charge controller connected via USB CONFIG

4.0.2. Guide

Step 1: System update using user charge:

• touch /tmp/production_no_reboot
• Copy charger-specific configuration files into /home/charge/persistency/
• Copy the firmware update file to /home/charge/sw_update.deb
• Run ‘opkg --force-reinstall install /home/charge/sw_update.deb’
• ‘rm /home/charge/sw_update.deb’
• Copy the ER-data update file to /home/charge/sw_update.deb
• Run ‘opkg --force-reinstall install /home/charge/sw_update.deb’
• ‘rm /home/charge/sw_update.deb’

info

Preventing reboots by creating the file production_no_reboot is available from 5.33.0. With older versions, the system will need to reboot after each update.

caution

Make sure to not leave debris on the system

Step 2: Locking process using user root:

• Set current time on the charger e. g. using ‘date -s 2023.12.20-12:15’
• lock the system with er_lock
• System will automatically reboot and come back Eichrecht-locked

Step 3: Data acquisition and verification

• Verify locking has been successful
• Gather the public key for signed transaction data
• Gather the public key for the Eichrecht log verification tool

Step 4: Test according to type approval

• Do required transaction tests with the charger
• Get the transparency file for each transaction from the backend and verify the signatures.

4.0.3. Backend

Coming soon

We are currently preparing this section.

5. Eichrecht software updates

• Hash Transition
• Single and Multi-Signature updates
• Eichrecht.log & Verification tool

6. Eichrecht-specific system behavior

• Free Charging & Fixed Local List
• Permanently locked cable
• Restart Transaction after power loss
• Storage of transactions
• OCPP Eichrecht transaction message attempts