BS EN 62056-5-3:2017
$215.11
Electricity metering data exchange. The DLMS/COSEM suite – DLMS/COSEM application layer
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2017 | 354 |
This part of IEC 62056 specifies the DLMS/COSEM application layer in terms of structure, services and protocols for DLMS/COSEM clients and servers, and defines rules to specify the DLMS/COSEM communication profiles.
It defines services for establishing and releasing application associations, and data communication services for accessing the methods and attributes of COSEM interface objects, defined in IEC 62056-6-2 using either logical name (LN) or short name (SN) referencing.
Annex A (normative) defines how to use the COSEM application layer in various communication profiles. It specifies how various communication profiles can be constructed for exchanging data with metering equipment using the COSEM interface model, and which elements must be specified in each communication profile. The actual, media-specific communication profiles are specified in separate parts of the IEC 62056 series.
Annex B (normative) specifies the SMS short wrapper.
Annex C (normative) specifies the gateway protocol.
Annex D, Annex E and Annex F (informative) include encoding examples for APDUs.
Annex G (normative) provides NSA Suite B elliptic curves and domain parameters.
Annex H (informative) provides an example of an End entity signature certificate using P-256 signed with P-256.
Annex I (normative) specifies the use of key agreement schemes in DLMS/COSEM.
Annex J (informative) provides examples of exchanging protected xDLMS APDUs between a third party and a server.
Annex K (informative) lists the main technical changes in this edition of the standard.
PDF Catalog
PDF Pages | PDF Title |
---|---|
2 | National foreword |
7 | CONTENTS |
16 | FOREWORD |
18 | INTRODUCTION |
19 | 1 Scope; 2 Normative references |
21 | 3 Terms, definitions, abbreviated terms and symbols; 3.1 General DLMS/COSEM definitions |
24 | 3.2 Definitions related to cryptographic security |
34 | 3.3 Definitions and abbreviated terms related to the Galois/Counter Mode |
35 | 3.4 General abbreviated terms |
39 | 3.5 Symbols related to the Galois/Counter Mode |
40 | 3.6 Symbols related to the ECDSA algorithm; 3.7 Symbols related to the key agreement algorithms; 4 Overview of DLMS/COSEM; 4.1 Information exchange in DLMS/COSEM; 4.1.1 General |
41 | 4.1.2 Communication model |
42 | 4.1.3 Naming and addressing; Figures: Figure 1 – Client–server model and communication protocols |
43 | Figure 2 – Naming and addressing in DLMS/COSEM |
44 | Tables: Table 1 – Client and server SAPs |
45 | 4.1.4 Connection oriented operation; Figure 3 – A complete communication session in the CO environment |
46 | 4.1.5 Application associations |
47 | 4.1.6 Messaging patterns |
48 | 4.1.7 Data exchange between third parties and DLMS/COSEM servers; 4.1.8 Communication profiles; Figure 4 – DLMS/COSEM messaging patterns |
49 | Figure 5 – DLMS/COSEM generic communication profile |
50 | 4.1.9 Model of a DLMS/COSEM metering system; 4.1.10 Model of DLMS/COSEM servers; Figure 6 – Model of a DLMS/COSEM metering system |
51 | Figure 7 – DLMS/COSEM server model |
52 | 4.1.11 Model of a DLMS/COSEM client; Figure 8 – Model of a DLMS/COSEM client using multiple protocol stacks |
53 | 4.1.12 Interoperability and interconnectivity in DLMS/COSEM; 4.1.13 Ensuring interconnectivity: the protocol identification service |
54 | 4.1.14 System integration and meter installation; 4.2 DLMS/COSEM application layer main features; 4.2.1 General; 4.2.2 DLMS/COSEM application layer structure |
55 | Figure 9 – The structure of the DLMS/COSEM application layers |
56 | 4.2.3 The Association Control Service Element, ACSE |
57 | 4.2.4 The xDLMS application service element |
62 | Figure 10 – The concept of composable xDLMS messages |
63 | Table 2 – Clarification of the meaning of PDU size for DLMS/COSEM |
64 | 4.2.5 Layer management services; 4.2.6 Summary of DLMS/COSEM application layer services |
65 | 4.2.7 DLMS/COSEM application layer protocols; 5 Information security in DLMS/COSEM; 5.1 Overview; Figure 11 – Summary of DLMS/COSEM AL services |
66 | 5.2 The DLMS/COSEM security concept; 5.2.1 Overview; 5.2.2 Identification and authentication |
67 | Figure 12 – Authentication mechanisms |
69 | 5.2.3 Security context; 5.2.4 Access rights; 5.2.5 Application layer message security |
70 | Figure 13 – Client – server message security concept |
71 | 5.2.6 COSEM data security; Figure 14 – End-to-end message security concept |
72 | 5.3 Cryptographic algorithms; 5.3.1 Overview; 5.3.2 Hash function |
73 | 5.3.3 Symmetric key algorithms; Figure 15 – Hash function |
74 | Figure 16 – Encryption and decryption |
75 | Figure 17 – Message Authentication Codes (MACs) |
76 | Figure 18 – GCM functions |
79 | 5.3.4 Public key algorithms |
81 | Table 3 – Elliptic curves in DLMS/COSEM security suites |
83 | Figure 19 – Digital signatures |
84 | Figure 20 – C(2e, 0s) scheme: each party contributes only an ephemeral key pair |
85 | Table 4 – Ephemeral Unified Model key agreement scheme summary |
86 | Figure 21 – C(1e, 1s) schemes: party U contributes an ephemeral key pair, and party V contributes a static key pair |
87 | Table 5 – One-pass Diffie-Hellman key agreement scheme summary |
88 | Figure 22 – C(0e, 2s) scheme: each party contributes only a static key pair |
89 | Table 6 – Static Unified Model key agreement scheme summary |
90 | 5.3.5 Random number generation; Table 7 – OtherInfo subfields and substrings; Table 8 – Cryptographic algorithm ID-s |
91 | 5.3.6 Compression; 5.3.7 Security suite; Table 9 – DLMS/COSEM security suites |
92 | 5.4 Cryptographic keys – overview; 5.5 Key used with symmetric key algorithms; 5.5.1 Symmetric keys types |
93 | 5.5.2 Key information with general-ciphering APDU and data protection; Table 10 – Symmetric keys types |
94 | 5.5.3 Key identification; 5.5.4 Key wrapping; Table 11 – Key information with general-ciphering APDU and data protection |
95 | 5.5.5 Key agreement; 5.5.6 Symmetric key cryptoperiods |
96 | 5.6 Keys used with public key algorithms; 5.6.1 Overview; 5.6.2 Key pair generation; Table 12 – Asymmetric keys types and their use |
97 | 5.6.3 Public key certificates and infrastructure |
99 | Figure 23 – Architecture of a Public Key Infrastructure (example) |
100 | 5.6.4 Certificate and certificate extension profile; Table 13 – X.509 v3 Certificate structure |
101 | Table 14 – X.509 v3 tbsCertificate fields |
102 | Table 15 – Naming scheme for the Root-CA instance (informative); Table 16 – Naming scheme for the Sub-CA instance (informative) |
103 | Table 17 – Naming scheme for the end entity instance |
105 | Table 18 – X.509 v3 Certificate extensions |
106 | Table 19 – Key Usage extensions; Table 20 – Subject Alternative Name values |
107 | Table 21 – Issuer Alternative Name values; Table 22 – Basic constraints extension values |
108 | 5.6.5 Suite B end entity certificate types to be supported by DLMS/COSEM servers; 5.6.6 Management of certificates; Table 23 – Certificates handled by DLMS/COSEM end entities |
109 | Figure 24 – MSC for provisioning the server with CA certificates |
110 | Figure 25 – MSC for security personalisation of the server |
111 | Figure 26 – Provisioning the server with the certificate of the client |
112 | Figure 27 – Provisioning the client / third party with a certificate of the server; Figure 28 – Remove certificate from the server |
113 | 5.7 Applying cryptographic protection; 5.7.1 Overview; 5.7.2 Protecting xDLMS APDUs; Table 24 – Security policy values (“Security setup” version 1) |
114 | Table 25 – Access rights values (“Association LN” ver 3, “Association SN” ver 4) |
115 | Table 26 – Ciphered xDLMS APDUs |
116 | Figure 29 – Cryptographic protection of information using AES-GCM |
117 | Table 27 – Security control byte; Table 28 – Plaintext and Additional Authenticated Data |
118 | Figure 30 – Structure of service-specific global / dedicated ciphering xDLMS APDUs |
119 | Figure 31 – Structure of general-glo-ciphering and general-ded-ciphering xDLMS APDUs |
120 | Figure 32 – Structure of general-ciphering xDLMS APDUs |
121 | Table 29 – Use of the fields of the ciphering xDLMS APDUs |
122 | Table 30 – Example: glo-get-request xDLMS APDU |
124 | Table 31 – ACCESS service with general-ciphering, One-Pass Diffie-Hellman C(1e, 1s, ECC CDH) key agreement scheme |
126 | 5.7.3 Multi-layer protection by multiple parties; Figure 33 – Structure of general-signing APDUs |
127 | 5.7.4 HLS authentication mechanisms |
128 | Table 32 – DLMS/COSEM HLS authentication mechanisms |
129 | Table 33 – HLS example using authentication-mechanism 5 with GMAC |
130 | 5.7.5 Protecting COSEM data; Table 34 – HLS example using authentication-mechanism 7 with ECDSA |
131 | 6 DLMS/COSEM application layer service specification; 6.1 Service primitives and parameters; Figure 34 – Service primitives |
132 | Figure 35 – Time sequence diagrams |
133 | 6.2 The COSEM-OPEN service; Table 35 – Codes for AL service parameters |
134 | Table 36 – Service parameters of the COSEM-OPEN service primitives |
138 | 6.3 The COSEM-RELEASE service; Table 37 – Service parameters of the COSEM-RELEASE service primitives |
141 | 6.4 COSEM-ABORT service; 6.5 Protection and general block transfer parameters; Table 38 – Service parameters of the COSEM-ABORT service primitives |
142 | Figure 36 – Additional service parameters to control cryptographic protection and GBT |
143 | Table 39 – Additional service parameters |
144 | Table 40 – Security parameters |
145 | Table 41 – APDUs used with security protection types |
146 | 6.6 The GET service |
147 | Table 42 – Service parameters of the GET service |
148 | Table 43 – GET service request and response types |
149 | 6.7 The SET service |
150 | Table 44 – Service parameters of the SET service |
151 | Table 45 – SET service request and response types |
153 | 6.8 The ACTION service; Table 46 – Service parameters of the ACTION service |
154 | Table 47 – ACTION service request and response types |
156 | 6.9 The ACCESS service; 6.9.1 Overview – Main features |
158 | 6.9.2 Service specification |
160 | Table 48 – Service parameters of the ACCESS service |
163 | 6.10 The DataNotification service; Table 49 – Service parameters of the DataNotification service primitives |
164 | 6.11 The EventNotification service; Table 50 – Service parameters of the EventNotification service primitives |
165 | 6.12 The TriggerEventNotificationSending service; Table 51 – Service parameters of the TriggerEventNotificationSending.request service primitive |
166 | 6.13 Variable access specification; 6.14 The Read service; Table 52 – Variable Access Specification |
167 | Table 53 – Service parameters of the Read service |
168 | Table 54 – Use of the Variable_Access_Specification variants and the Read.response choices |
170 | 6.15 The Write service |
171 | Table 55 – Service parameters of the Write service |
172 | Table 56 – Use of the Variable_Access_Specification variants and the Write.response choices |
173 | 6.16 The UnconfirmedWrite service |
174 | Table 57 – Service parameters of the UnconfirmedWrite service; Table 58 – Use of the Variable_Access_Specification variants |
175 | 6.17 The InformationReport service; Table 59 – Service parameters of the InformationReport service |
176 | 6.18 Client side layer management services: the SetMapperTable.request; 6.19 Summary of services and LN/SN data transfer service mapping; Table 60 – Service parameters of the SetMapperTable.request service primitives; Table 61 – Summary of ACSE services |
177 | Table 62 – Summary of xDLMS services |
178 | 7 DLMS/COSEM application layer protocol specification; 7.1 The control function; 7.1.1 State definitions of the client side control function; Figure 37 – Partial state machine for the client side control function |
179 | 7.1.2 State definitions of the server side control function; Figure 38 – Partial state machine for the server side control function |
180 | 7.2 The ACSE services and APDUs; 7.2.1 ACSE functional units, services and service parameters |
182 | Table 63 – Functional Unit APDUs and their fields |
184 | 7.2.2 Registered COSEM names |
185 | Table 64 – COSEM application context names |
186 | Table 65 – COSEM authentication mechanism names |
187 | 7.2.3 APDU encoding rules; 7.2.4 Protocol for application association establishment; Table 66 – Cryptographic algorithm ID-s |
189 | Figure 39 – MSC for successful AA establishment preceded by a successful lower layer connection establishment |
192 | 7.2.5 Protocol for application association release |
194 | Figure 40 – Graceful AA release using the A-RELEASE service |
195 | Figure 41 – Graceful AA release by disconnecting the supporting layer |
196 | 7.3 Protocol for the data transfer services; 7.3.1 Negotiation of services and options – the conformance block; Figure 42 – Aborting an AA following a PH-ABORT.indication |
197 | 7.3.2 Confirmed and unconfirmed service invocations; Table 67 – xDLMS Conformance block |
198 | 7.3.3 Protocol for the GET service |
199 | Figure 43 – MSC of the GET service; Table 68 – GET service types and APDUs |
200 | Figure 44 – MSC of the GET service with block transfer |
202 | 7.3.4 Protocol for the SET service; Figure 45 – MSC of the GET service with block transfer, long GET aborted; Table 69 – SET service types and APDUs |
203 | Figure 46 – MSC of the SET service; Figure 47 – MSC of the SET service with block transfer |
205 | 7.3.5 Protocol for the ACTION service; Figure 48 – MSC of the ACTION service; Table 70 – ACTION service types and APDUs |
207 | 7.3.6 Protocol for the ACCESS service; Figure 49 – MSC of the ACTION service with block transfer |
208 | Figure 50 – ACCESS Service with long response; Figure 51 – ACCESS Service with long request and response |
209 | 7.3.7 Protocol of the DataNotification service; 7.3.8 Protocol for the EventNotification service; 7.3.9 Protocol for the Read service |
210 | Table 71 – Mapping between the GET and the Read services |
211 | Table 72 – Mapping between the ACTION and the Read services |
212 | Figure 52 – MSC of the Read service used for reading an attribute; Figure 53 – MSC of the Read service used for invoking a method |
213 | 7.3.10 Protocol for the Write service; Figure 54 – MSC of the Read service used for reading an attribute, with block transfer |
214 | Table 73 – Mapping between the SET and the Write services (1 of 2) |
215 | Table 74 – Mapping between the ACTION and the Write service |
216 | Figure 55 – MSC of the Write service used for writing an attribute |
217 | Figure 56 – MSC of the Write service used for invoking a method |
218 | 7.3.11 Protocol for the UnconfirmedWrite service; Figure 57 – MSC of the Write service used for writing an attribute, with block transfer |
219 | 7.3.12 Protocol for the InformationReport service; Figure 58 – MSC of the UnconfirmedWrite service used for writing an attribute; Table 75 – Mapping between the SET and the UnconfirmedWrite services; Table 76 – Mapping between the ACTION and the UnconfirmedWrite services |
220 | 7.3.13 Protocol of general block transfer mechanism; Table 77 – Mapping between the EventNotification and InformationReport services |
222 | Figure 59 – Partial service invocations and GBT APDUs |
224 | Figure 60 – GET service with GBT, switching to streaming |
225 | Figure 61 – GET service with partial invocations, GBT and streaming, recovery of 4th block sent in the 2nd stream |
226 | Figure 62 – GET service with partial invocations, GBT and streaming, recovery of 4th and 5th block |
227 | Figure 63 – GET service with partial invocations, GBT and streaming, recovery of last block |
228 | Figure 64 – SET service with GBT, with server not supporting streaming, recovery of 3rd block |
229 | Figure 65 – ACTION-WITH-LIST service with bi-directional GBT and block recovery |
230 | Figure 66 – DataNotification service with GBT with partial invocation |
231 | 8 Abstract syntax of ACSE and COSEM APDUs |
244 | 9 COSEM APDU XML schema; 9.1 General |
245 | 9.2 XML Schema |
266 | Annex A (normative) Using the DLMS/COSEM application layer in various communications profiles; A.1 General; A.2 Targeted communication environments; A.3 The structure of the profile; A.4 Identification and addressing schemes |
267 | A.5 Supporting layer services and service mapping; A.6 Communication profile specific parameters of the COSEM AL services; A.7 Specific considerations / constraints using certain services within a given profile; A.8 The 3-layer, connection-oriented, HDLC based communication profile; A.9 The TCP-UDP/IP based communication profiles (COSEM_on_IP); A.10 The wired and wireless M-Bus communication profiles; A.11 The S-FSK PLC profile |
268 | Annex B (normative) SMS short wrapper; Figure B.1 – Short wrapper; Table B.1 – Reserved Application Processes |
269 | Annex C (normative) Gateway protocol; C.1 General; Figure C.1 – General architecture with gateway |
270 | C.2 The gateway protocol; Figure C.2 – The fields used for pre-fixing the COSEM APDUs |
271 | C.3 HES in the WAN/NN acting as Initiator (Pull operation); Figure C.3 – Pull message sequence chart |
272 | C.4 End devices in the LAN acting as Initiators (Push operation); C.4.1 General; C.4.2 End device with WAN/NN knowledge; Figure C.4 – Push message sequence chart |
273 | C.4.3 End devices without WAN/NN knowledge; C.5 Security |
274 | Annex D (informative) AARQ and AARE encoding examples; D.1 General; D.2 Encoding of the xDLMS InitiateRequest / InitiateResponse APDU |
275 | Table D.1 – Conformance block |
276 | Table D.2 – A-XDR encoding of the xDLMS InitiateRequest APDU |
277 | D.3 Specification of the AARQ and AARE APDUs; Table D.3 – A-XDR encoding of the xDLMS InitiateResponse APDU |
278 | D.4 Data for the examples |
279 | D.5 Encoding of the AARQ APDU |
280 | Table D.4 – BER encoding of the AARQ APDU |
282 | D.6 Encoding of the AARE APDU; Table D.5 – Complete AARQ APDU |
283 | Table D.6 – BER encoding of the AARE APDU |
287 | Table D.7 – The complete AARE APDU |
288 | Annex E (informative) Encoding examples: AARQ and AARE APDUs using a ciphered application context; E.1 A-XDR encoding of the xDLMS InitiateRequest APDU, carrying a dedicated key |
289 | E.2 Authenticated encryption of the xDLMS InitiateRequest APDU; Table E.1 – A-XDR encoding of the xDLMS InitiateRequest APDU |
290 | E.3 The AARQ APDU; Table E.2 – Authenticated encryption of the xDLMS InitiateRequest APDU |
291 | Table E.3 – BER encoding of the AARQ APDU |
292 | E.4 A-XDR encoding of the xDLMS InitiateResponse APDU |
293 | E.5 Authenticated encryption of the xDLMS InitiateResponse APDU; Table E.4 – A-XDR encoding of the xDLMS InitiateResponse APDU |
294 | E.6 The AARE APDU; Table E.5 – Authenticated encryption of the xDLMS InitiateResponse APDU |
295 | Table E.6 – BER encoding of the AARE APDU |
296 | E.7 The RLRQ APDU (carrying a ciphered xDLMS InitiateRequest APDU); Table E.7 – BER encoding of the RLRQ APDU |
297 | E.8 The RLRE APDU (carrying a ciphered xDLMS InitiateResponse APDU); Table E.8 – BER encoding of the RLRE APDU |
298 | Annex F (informative) Data transfer service examples; F.1 GET / Read, SET / Write examples; Table F.1 – The objects used in the examples |
299 | Table F.2 – Example: Reading the value of a single attribute without block transfer |
300 | Table F.3 – Example: Reading the value of a list of attributes without block transfer |
302 | Table F.4 – Example: Reading the value of a single attribute with block transfer |
304 | Table F.5 – Example: Reading the value of a list of attributes with block transfer |
307 | Table F.6 – Example: Writing the value of a single attribute without block transfer |
308 | Table F.7 – Example: Writing the value of a list of attributes without block transfer |
310 | Table F.8 – Example: Writing the value of a single attribute with block transfer |
312 | Table F.9 – Example: Writing the value of a list of attributes with block transfer |
315 | F.2 ACCESS service example; Table F.10 – Example: ACCESS service without block transfer |
316 | F.3 Compact array encoding example; F.3.1 General; F.3.2 The specification of compact-array |
318 | F.3.3 Example 1: Compact array encoding an array of five long-unsigned values |
319 | F.3.4 Example 2: Compact-array encoding of five octet-string values; F.3.5 Example 3: Encoding of the buffer of a Profile generic object |
322 | Annex G (normative) NSA Suite B elliptic curves and domain parameters; Table G.1 – ECC_P256_Domain_Parameters |
323 | Table G.2 – ECC_P384_Domain_Parameters |
324 | Annex H (informative) Example of an End entity signature certificate using P-256 signed with P-256 |
326 | Annex I (normative) Use of key agreement schemes in DLMS/COSEM; I.1 Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme; Figure I.1 – MSC for key agreement using the Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme |
328 | Table I.1 – Test vector for key agreement using the Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme |
329 | I.2 One-Pass Diffie-Hellman C(1e, 1s, ECC CDH) scheme |
330 | Figure I.2 – Ciphered xDLMS APDU protected by an ephemeral key established using the One-pass Diffie-Hellman (1e, 1s, ECC CDH) scheme |
332 | Table I.2 – Test vector for key agreement using the One-pass Diffie-Hellman (1e, 1s, ECC CDH) scheme |
334 | I.3 Static Unified Model C(0e, 2s, ECC CDH) scheme |
335 | Figure I.3 – Ciphered xDLMS APDU protected by an ephemeral key established using the Static Unified Model C(0e, 2s, ECC CDH) scheme |
336 | Table I.3 – Test vector for key agreement using the Static-Unified Model (0e, 2s, ECC CDH) scheme |
338 | Annex J (informative) Exchanging protected xDLMS APDUs between TP and server; J.1 General; J.2 Example 1: Protection is the same in the two directions |
339 | J.3 Example 2: Protection is different in the two directions; Figure J.1 – Exchanging protected xDLMS APDUs between TP and server: example 1 |
340 | Figure J.2 – Exchanging protected xDLMS APDUs between TP and server: example 2 |
341 | Annex K (informative) Significant technical changes with respect to IEC 62056-5-3:2016 |
344 | Bibliography |
348 | Index |