Authorization

Authorization defines the access to the EV charging infrastructure for a select or undefined user group.
The Charge Controller supports three major authorization flows:

• Free Charging: Allows unrestricted initiation of charging sessions
• Local Authorization: Allows initiation of charging sessions of registered users with different levels of backend involvement
• Remote Authorization: Authorize charging sessions through an OCPP Backend

Free Charging cannot be combined with Remote Authorization or Local Authorization methods and needs to be disabled before using the other authorization methods.
If Free Charging is enabled, the Local Authorization and Remote Authorization are ignored.
Local Authorization and Remote Authorization flows can operate in tandem.

	Free Charging	Local Authorization	Remote Authorization
Free Charging
Local Authorization
Remote Authorization

1. Hardware prerequisites

Charging Stations are typically required to provide at least one authorization flow. The following table lists the required hardware for each authorization flow option:

Authorization flow	Required hardware	System requirements
RFID token	Compatible RFID reader module	See here for more
Mobile charging apps	Charge Controller with at least one free port/hardware interface for an Internet connection	OCPP backend system with support for mobile charging apps
Payment cards	Charge Controller with at least one free port/hardware interface for an Internet connection	Payment card reader connected to an OCPP Backend
Autocharge / EV MAC Address	Charge Controller with PLC support	EV posessing high-level communication capabilities for AC and/or DC and a static MAC address
ISO15118 Plug&Charge	Charge Controller with PLC support and at least one free port/hardware interface for an Internet connection	ISO 15118-capable EV Hubject-certified charging station OCPP Backend supporting the following standards: OCPP 1.6 Using ISO 15118 Plug & Charge with OCPP 1.6 OCA extension Certified by an official Plug&Charge entity, e.g., Hubject

1.1. Compatible RFID reader modules

One of the following RFID reader modules may be used to authenticate through RFID tokens:

Model		Compatible Charge Controller models
RFID117-L1	go to product page	CC612 (all variants) CC613 (all variants except HEM-X2)
RFID114	go to product page
RFID105-L1	go to product page
RFID110	contact Bender sales
HMI150	go to product page	CC612 (all variants) CC613 (all variants except HEM-X2) ICC1324 (all variants) ICC1314 (all variants)
HMI145	go to product page
HMI140	go to product page

1.2. RFID on Double Charging Stations

Two RFID setups are supported on Double Charging Stations:

• Shared RFID Setup: One RFID module on two Charge Controllers
• Independent RFID Setup: Two RFID modules on two Charge Controllers

	Shared RFID Setup	Independent RFID Setup
Behavior	Charging sessions are authorized for both power outlets through a single RFID module	Charging sessions are authorized for each power outlet independently. You can start two sessions simultaneously using a single RFID tag
Limitations	You cannot start a second charging session while another session is active using the same RFID tag

1.2.1. RFID configuration

Shared RFID Setup

Step 1: Configuring the Master

1. (On Master Charge Controller) Log in to the Legacy Config UI using the Manufacturer Login Credentials
2. Under Manufacturer, set RFID Slave to Off
3. Under Manufacturer, set Enable RFID to On
4. At the bottom of the Legacy Config UI, click to apply the changes

Step 2: Configuring the Slave

1. (On Slave Charge Controller) Log in to the Legacy Config UI using the Manufacturer Login Credentials
2. Under Manufacturer, set Enable RFID to Off
3. At the bottom of the Legacy Config UI, click to apply the changes

Independent RFID Setup

Step 1: Configuring the Master

1. (On Master Charge Controller) Log in to the Legacy Config UI using the Manufacturer Login Credentials
2. Under Manufacturer, set RFID Slave to On
3. Under Manufacturer, set Enable RFID to On
4. At the bottom of the Legacy Config UI, click to apply the changes

Step 2: Configuring the Slave

1. (On Slave Charge Controller) Log in to the Legacy Config UI using the Manufacturer Login Credentials
2. Under Manufacturer, set Enable RFID to On
3. At the bottom of the Legacy Config UI, click to apply the changes

2. Free Charging

Free Charging allows anyone to charge their EV without going through an authorization procedure.

2.1. Relevant parameters

Scope	Location in Config UI	Parameter	Possible values	Info
Operator	AUTHORIZATION > Free Charging	Free Charging	On Off
Operator	AUTHORIZATION > Free Charging	Free Charging Mode	No OCPP With OCPP status notif without auth With OCPP status notif with auth With OCPP Full fixed RFID with auth With OCPP Full fixed RFID without auth With OCPP Full any RFID	see here for an in-depth explanation
Operator	AUTHORIZATION > Free Charging	RFID Tag for Free Charging with OCPP Full, fixed rfid modes	only relevant to these modes: With OCPP Full fixed RFID with auth With OCPP Full fixed RFID without auth	The tag used to communicate to the OCPP Backend in some of the Free Charging modes (see here for when and how it's used)

Free Charging and Eichrecht

While Free Charging is enabled, Eichrecht will automatically be disabled (the meter will transmit unsigned values)

2.2. Minimal configuration

1. In the Config UI, under AUTHORIZATION > Free Charging, set Free Charging to On
2. Set Free Charging Mode to No OCPP
3. At the bottom of the Config UI, click , then click to apply the changes

2.2.1. Free Charging modes

Free Charging comes with several modes to choose from. The base functionality stays the same. The one thing that changes is the active OCPP communication from the Charge Controller for monitoring and reporting purposes. The OCPP functions affected by the active Free Charging mode are:

StatusNotification

MeterValue

Authorize

StartTransaction

StopTransaction

Parameter	Mode	RFID behavior	Inactive OCPP functions	Transmitted transaction ID
Free Charging Mode	No OCPP	No RFID scan required to start a charging session. Charging starts immediately	StatusNotification Authorize MeterValues StartTransaction StopTransaction RemoteStartTransaction RemoteStopTransaction	None
Free Charging Mode	With OCPP status notif without auth	No RFID scan required to start a charging session. Charging starts immediately	Authorize StartTransaction StopTransaction RemoteStartTransaction RemoteStopTransaction	None
Free Charging Mode	With OCPP status notif with auth	Any RFID tag must be scanned	Authorize StartTransaction StopTransaction RemoteStartTransaction RemoteStopTransaction	Scanned RFID tag
Free Charging Mode	With OCPP Full fixed RFID with auth	Any RFID tag must be scanned	Authorize	Rfid Tag for Free Charging with OCPP Full, fixed rfid modes(see here) or ID token from the Backend
Free Charging Mode	With OCPP Full fixed RFID without auth	No RFID scan required to start a charging session. Charging starts immediately	Authorize RemoteStartTransaction	Rfid Tag for Free Charging with OCPP Full, fixed rfid modes(see here)
Free Charging Mode	With OCPP Full any RFID	Any RFID tag must be scanned	Authorize	Scanned RFID tag or ID token from the Backend

Charging Stations with outlet covers

On Charging Stations with outlet covers any RFID tag must be scanned to release the outlet cover regardless of the selected Free Charging mode.

2.2.2. Free Charging mode decision chart

Use the following chart to help choose the Free Charging Mode that makes most sense for your situation:

3. Local Authorization

Local Authorization is an authorization feature that works independently of Remote Authorization and Free Charging.
Local authorization is managed through the Local Whitelist.

3.1. Local Whitelist

The Local Whitelist is a backend-independent list, which is stored exclusively on the Charge Controller. UIDs which are entered in this list are always authorized for loading. There is no interaction between the OCPP Backend and the Local Whitelist other than status notifications.

Precedence

When Local Authorization is active in tandem with Remote Authorization, the Local Whitelist takes precedence over any remote validations. In other words

3.2. Enable

1. Make sure that the following parameters are set like so:

Scope	Location in Config UI	Parameter	Value
Operator	AUTHORIZATION > RFID Whitelists	Enable local whitelist	On

3.2.1. Managing the Local Whitelist

The Local Whitelist can be populated with various elements:

Type	Characteristics	Example	Info
RFID tag	Main type of ID used with the Local Whitelist	0460558A565F80	‍
MAC address	Used in tandem with Autocharge	1A:2B:3C:4D:00:00	‍
AUTH_INPUT	Special tag used in tandem with the Auth Input authorization feature (documentation is being worked on)	AUTH_INPUT	‍

3.2.1.0.1. Adding RFID entries to the Local Whitelist

add a single entry

2. Under WHITELISTS > Local Whitelist, click
3. Enter the desired UID
4. Click

Scan RFID cards

1. Under WHITELISTS > Local Whitelist, click . This activates the RFID learning mode
2. Read the RFID card you'd like to add to the Whitelist through the RFID card scanner
3. Repeat step 2 for any additional cards
4. Click

The Local Whitelist should be populated with the new IDs.

3.2.1.1. Authorization on Double Charging Stations

Use-case: You want to authorize a UID on just one of two Connectors inside a Double Charging Station.

• Add _1 to the end of a UID to authorize it only on the Master Charge Controller
• Add _2 to the end of a UID to authorize it only on the Slave Charge Controller

3.2.1.1.1. Example

UID	Effect
839B0E0A	Authorize on both Charge Controllers
839B0E0A_1	Authorize on the Master Charge Controller only (Connector 1)
839B0E0A_2	Authorize on the Slave Charge Controller only (Connector 2)

3.2.2. Whitelisting through OCPP

The OCPP Whitelist is a local cache of the Backend on the Charging Station.
Here, all RFID tags authorized by the Backend can be transferred to the Charging Station periodically.
This intended operation even in the event of a networking error between the Charging Station and Backend. Also, the local cache improves authorization speed.
If this option is deactivated, a request is made to the Backend every time a request is made to the Charging Station (i.e. whenever an RFID is presented to the RFID reader). Only when this is accepted, the charging process is authorized.

3.2.2.1. Configuration

To enable the OCPP whitelist:

1. Apply the following configuration:

Scope	Location in Config UI	Parameter	Value	Info
Operator	AUTHORIZATION > RFID Whitelist	Enable OCPP Whitelist	On

In the List of entries in OCPP whitelist (also List of entries in cache) all UIDs released by the Backend are cached. In which intervals this list is updated depends on the respective backend.

info

In certain cases (troubleshooting) it may be useful to delete the entire list.
To do this, remove all numbers in the list and save the change with Save & Restart.

3.2.2.2. Refreshing the OCPP Whitelist cache

The setting OCPP Whitelist expiry mode determines how the Charging Station handles cache entry deletions:

Scope	Location in Config UI	Parameter	Value	Effect
Operator	AUTHORIZATION > General	OCPP Whitelist expiry mode	End of epoch 2038 (default)	(default value) the controller is configured to expire cache entries on the latest possible date (19th January 2038). In practice, this means that the local memory entries are never cleared by the controller itself. Any changes to the cache are therefore made exclusively by the backend or manually.
Operator	AUTHORIZATION > General		One year from now	The cache will automatically expire one year after the last change.

3.3. Manual authorization through the charging button

For testing and troubleshooting purposes, you can manually override authorization requirements, regardless of your current configuration.

Enabling the charging button

1. Log in to the Config UI using the Operator Login Credentials
2. Under AUTHORIZATION > General, set Enable charging button on dashboard to On
3. At the bottom of the Config UI, click , then click to apply the changes

Using the charging button

1. Log in to the Config UI using the Operator Login Credentials
2. Under DASHBOARD, click the charging button labeled Start:

3. The charging process should now start

3.4. OCPP remote authorization configuration

The following parameters can be configured over OCPP:

Scope	OCPP key	Config UI equivalent	Possible values	Info
Operator	LocalPreAuthorize	Local Pre Authorize	On: 1(Integer) Off: 0(Integer)
Operator	Free Charging	Local Authorize Offline	0(Integer): No OCPP 1(Integer): With OCPP status notif without auth 2(Integer): With OCPP status notif with auth 3(Integer): With OCPP Full fixed RFID with auth 4(Integer): With OCPP Full fixed RFID without auth 5(Integer): With OCPP Full any RFID	see here for an in-depth explanation
Operator	RfidTagFreeCharging	RFID Tag for Free Charging with OCPP Full, fixed rfid modes	any alpha-numerical string, e.g. freecharging	The tag used to communicate to the OCPP Backend in some of the Free Charging modes (see here for when and how it's used). only relevant to these modes: With OCPP Full fixed RFID with auth With OCPP Full fixed RFID without auth

Scope	OCPP key (Master)	OCPP key (Slave)	Automatic value forwarding to the Slave?	Config UI equivalent	Possible values	Info
Operator	LocalPreAuthorize	LocalPreAuthorize_2	Yes (has to be set on the Master only, will be applied to the Slave automatically)	Free Charging	On: 1(Integer) Off: 0(Integer)
Operator	LocalAuthorizeOffline	LocalAuthorizeOffline_2	Yes (has to be set on the Master only, will be applied to the Slave automatically)	Free Charging Mode	0(Integer): No OCPP 1(Integer): With OCPP status notif without auth 2(Integer): With OCPP status notif with auth 3(Integer): With OCPP Full fixed RFID with auth 4(Integer): With OCPP Full fixed RFID without auth 5(Integer): With OCPP Full any RFID	see here for an in-depth explanation
Operator	AuthorizeRemoteTxRequests	AuthorizeRemoteTxRequests_2	No, has to be set on both the Master and Slave	RFID Tag for Free Charging with OCPP Full, fixed rfid modes	any alpha-numerical string, e.g. freecharging	The tag used to communicate to the OCPP Backend in some of the Free Charging modes (see here for when and how it's used). only relevant to these modes: With OCPP Full fixed RFID with auth With OCPP Full fixed RFID without auth