BS EN IEC 62056-5-3:2023 – TC
$280.87
Tracked Changes. Electricity metering data exchange. The DLMS®/COSEM suite – DLMS®/COSEM application layer
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2023 | 904 |
This part of IEC 62056 specifies the DLMS®/COSEM application layer in terms of structure, services and protocols for DLMS®/COSEM clients and servers, and defines rules to specify the DLMS®/COSEM communication profiles. It defines services for establishing and releasing application associations, and data communication services for accessing the methods and attributes of COSEM interface objects, defined in IEC 62056-6-2:2021 using either logical name (LN) or short name (SN) referencing. Annex A (normative) defines how to use the COSEM application layer in various communication profiles. It specifies how various communication profiles can be constructed for exchanging data with metering equipment using the COSEM interface model, and what are the necessary elements to specify in each communication profile. The actual, media-specific communication profiles are specified in separate parts of the IEC 62056 series. Annex B (normative) specifies the SMS short wrapper. Annex C (normative) specifies the gateway protocol. Annex D, Annex E and Annex F (informative) include encoding examples for APDUs. Annex G (normative) provides NSA Suite B elliptic curves and domain parameters. Annex H (informative) provides an example of an End entity signature certificate using P-256 signed with P-256. Annex I (normative) specifies the use of key agreement schemes in DLMS®/COSEM. Annex J (informative) provides examples of exchanging protected xDLMS APDUs between a third party and a server. Annex K (informative) lists the main technical changes in this edition of the standard.
PDF Catalog
PDF Pages | PDF Title |
---|---|
526 | Annex ZA (normative) Normative references to international publications with their corresponding European publications |
529 | English CONTENTS |
539 | FOREWORD |
541 | INTRODUCTION |
542 | 1 Scope 2 Normative references |
544 | 3 Terms, definitions, abbreviated terms and symbols 3.1 General DLMS®/COSEM definitions |
549 | 3.2 Definitions related to cryptographic security |
559 | 3.3 Definitions and abbreviated terms related to the Galois/Counter Mode |
561 | 3.4 General abbreviated terms |
565 | 3.5 Symbols related to the Galois/Counter Mode 3.6 Symbols related the ECDSA algorithm |
566 | 3.7 Symbols related to the key agreement algorithms 4 Overview of DLMS®/COSEM 4.1 Information exchange in DLMS®/COSEM 4.1.1 General |
567 | 4.1.2 Communication model |
568 | 4.1.3 Naming and addressing Figures Figure 1 – Client–server model and communication protocols |
569 | Figure 2 – Naming and addressing in DLMS®/COSEM |
570 | Tables Table 1 – Client and server SAPs |
571 | 4.1.4 Connection oriented operation Figure 3 – A complete communication session in the CO environment |
572 | 4.1.5 Application associations |
573 | 4.1.6 Messaging patterns |
574 | 4.1.7 Data exchange between third parties and DLMS®/COSEM servers Figure 4 – DLMS®/COSEM messaging patterns |
575 | 4.1.8 Communication profiles |
576 | Figure 5 – DLMS®/COSEM generic communication profile |
577 | 4.1.9 Model of a DLMS®/COSEM metering system 4.1.10 Model of DLMS®/COSEM servers Figure 6 – Model of a DLMS®/COSEM metering system |
578 | Figure 7 – DLMS®/COSEM server model |
579 | 4.1.11 Model of a DLMS®/COSEM client Figure 8 – Model of a DLMS®/COSEM client using multiple protocol stacks |
580 | 4.1.12 Interoperability and interconnectivity in DLMS®/COSEM 4.1.13 Ensuring interconnectivity: the protocol identification service 4.1.14 System integration and meter installation |
581 | 4.2 DLMS®/COSEM application layer main features 4.2.1 General 4.2.2 DLMS®/COSEM application layer structure Figure 9 – The structure of the DLMS®/COSEM application layers |
582 | 4.2.3 The Association Control Service Element, ACSE |
583 | 4.2.4 The xDLMS application service element |
588 | Figure 10 – The concept of composable xDLMS messages |
590 | Table 2 – Clarification of the meaning of PDU size for DLMS®/COSEM |
591 | 4.2.5 Layer management services 4.2.6 Summary of DLMS®/COSEM application layer services Figure 11 – Summary of DLMS®/COSEM AL services |
592 | 4.2.7 DLMS®/COSEM application layer protocols 5 Information security in DLMS®/COSEM 5.1 Overview 5.2 The DLMS®/COSEM security concept 5.2.1 Overview |
593 | 5.2.2 Identification and authentication |
594 | Figure 12 – Authentication mechanisms |
596 | 5.2.3 Security context 5.2.4 Access rights 5.2.5 Application layer message security |
597 | Figure 13 – Client – server message security concept |
598 | Figure 14 – End-to-end message security concept |
599 | 5.2.6 COSEM data security 5.3 Cryptographic algorithms 5.3.1 Overview 5.3.2 Hash function |
600 | 5.3.3 Symmetric key algorithms Figure 15 – Hash function |
601 | Figure 16 – Encryption and decryption |
602 | Figure 17 – Message Authentication Codes (MACs) |
604 | Figure 18 – GCM functions |
607 | 5.3.4 Public key algorithms |
608 | Table 3 – Elliptic curves in DLMS®/COSEM security suites |
610 | Figure 19 – Digital signatures |
612 | Figure 20 – C(2e, 0s) scheme: each party contributes only an ephemeral key pair Table 4 – Ephemeral Unified Model key agreement scheme summary |
613 | Figure 21 – C(1e, 1s) schemes: party U contributes an ephemeral key pair, and party V contributes a static key pair |
614 | Table 5 – One-pass Diffie-Hellman key agreement scheme summary |
615 | Figure 22 – C(0e, 2s) scheme: each party contributes only a static key pair |
616 | Table 6 – Static Unified Model key agreement scheme summary |
617 | 5.3.5 Random number generation Table 7 – OtherInfo subfields and substrings Table 8 – Security algorithm ID-s |
618 | 5.3.6 Compression 5.3.7 Security suite Table 9 – DLMS®/COSEM security suites |
619 | 5.4 Cryptographic keys – overview 5.5 Key used with symmetric key algorithms 5.5.1 Symmetric keys types |
620 | Table 10 – Symmetric keys types |
621 | 5.5.2 Key information with general-ciphering APDU and data protection 5.5.3 Key identification Table 11 – Key information with general-ciphering APDU and data protection |
622 | 5.5.4 Key wrapping 5.5.5 Key agreement |
623 | 5.5.6 Symmetric key cryptoperiods 5.6 Keys used with public key algorithms 5.6.1 Overview 5.6.2 Key pair generation Table 12 – Asymmetric keys types and their use |
624 | 5.6.3 Public key certificates and infrastructure |
626 | Figure 23 – Architecture of a Public Key Infrastructure (example) |
627 | 5.6.4 Certificate and certificate extension profile Table 13 – X.509 v3 Certificate structure |
628 | Table 14 – X.509 v3 tbsCertificate fields |
629 | Table 15 – Naming scheme for the Root-CA instance (informative) Table 16 – Naming scheme for the Sub-CA instance (informative) |
630 | Table 17 – Naming scheme for the end entity instance |
632 | Table 18 – X.509 v3 Certificate extensions |
633 | Table 19 – Key Usage extensions Table 20 – Subject Alternative Name values |
634 | Table 21 – Issuer Alternative Name values Table 22 – Basic constraints extension values |
635 | 5.6.5 Suite B end entity certificate types to be supported by DLMS®/COSEM servers 5.6.6 Management of certificates Table 23 – Certificates handled by DLMS®/COSEM end entities |
636 | Figure 24 – MSC for provisioning the server with CA certificates |
637 | Figure 25 – MSC for security personalisation of the server |
638 | Figure 26 – Provisioning the server with the certificate of the client |
639 | Figure 27 – Provisioning the client / third party with a certificate of the server Figure 28 – Remove certificate from the server |
640 | 5.7 Applying cryptographic protection 5.7.1 Overview 5.7.2 Protecting xDLMS APDUs Table 24 – Security policy values (“Security setup” version 1) |
641 | Table 25 – Access rights values (“Association LN” ver 3 “Association SN” ver 4) |
642 | Table 26 – Ciphered xDLMS APDUs |
643 | Figure 29 – Cryptographic protection of information using AES-GCM |
644 | Table 27 – Security control byte Table 28 – Plaintext and Additional Authenticated Data |
645 | Figure 30 – Structure of service-specific global / dedicated ciphering xDLMS APDUs |
646 | Figure 31 – Structure of general-glo-ciphering and general-ded-ciphering xDLMS APDUs |
647 | Figure 32 – Structure of general-ciphering xDLMS APDUs |
648 | Table 29 – Use of the fields of the ciphering xDLMS APDUs |
649 | Table 30 – Example: glo-get-request xDLMS APDU |
651 | Table 31 – ACCESS service with general-ciphering, One-Pass Diffie-Hellman C(1e, 1s, ECC CDH) key agreement scheme |
653 | 5.7.3 Multi-layer protection by multiple parties Figure 33 – Structure of general-signing APDUs |
654 | 5.7.4 HLS authentication mechanisms |
655 | Table 32 – DLMS®/COSEM HLS authentication mechanisms |
656 | Table 33 – HLS example using authentication-mechanism 5 with GMAC |
657 | 5.7.5 Protecting COSEM data Table 34 – HLS example using authentication-mechanism 7 with ECDSA |
658 | 6 DLMS®/COSEM application layer service specification 6.1 Service primitives and parameters Figure 34 – Service primitives |
659 | Figure 35 – Time sequence diagrams |
660 | 6.2 The COSEM-OPEN service Table 35 – Codes for AL service parameters |
661 | Table 36 – Service parameters of the COSEM-OPEN service primitives |
665 | 6.3 The COSEM-RELEASE service Table 37 – Service parameters of the COSEM-RELEASE service primitives |
668 | 6.4 COSEM-ABORT service 6.5 Protection and general block transfer parameters Table 38 – Service parameters of the COSEM-ABORT service primitives |
669 | Figure 36 – Additional service parameters to control cryptographic protection and GBT |
670 | Table 39 – Additional service parameters |
671 | Table 40 – Security parameters |
672 | Table 41 – APDUs used with security protection types |
673 | 6.6 The GET service |
674 | Table 42 – Service parameters of the GET service |
675 | Table 43 – GET service request and response types |
676 | 6.7 The SET service |
677 | Table 44 – Service parameters of the SET service |
678 | Table 45 – SET service request and response types |
680 | 6.8 The ACTION service Table 46 – Service parameters of the ACTION service |
681 | Table 47 – ACTION service request and response types |
683 | 6.9 The ACCESS service 6.9.1 Overview – Main features |
685 | 6.9.2 Service specification |
686 | Table 48 – Service parameters of the ACCESS service |
689 | 6.10 The DataNotification service |
690 | Table 49 – Service parameters of the DataNotification service primitives |
691 | 6.11 The EventNotification service Table 50 – Service parameters of the EventNotification service primitives |
692 | 6.12 The TriggerEventNotificationSending service Table 51 – Service parameters of the TriggerEventNotificationSending.request service primitive |
693 | 6.13 Variable access specification 6.14 The Read service Table 52 – Variable Access Specification |
694 | Table 53 – Service parameters of the Read service |
695 | Table 54 – Use of the Variable_Access_Specification variants and the Read.response choices |
697 | 6.15 The Write service |
698 | Table 55 – Service parameters of the Write service |
699 | Table 56 – Use of the Variable_Access_Specification variants and the Write.response choices |
700 | 6.16 The UnconfirmedWrite service |
701 | Table 57 – Service parameters of the UnconfirmedWrite service Table 58 – Use of the Variable_Access_Specification variants |
702 | 6.17 The InformationReport service Table 59 – Service parameters of the InformationReport service |
703 | 6.18 Client side layer management services: the SetMapperTable.request 6.19 Summary of services and LN/SN data transfer service mapping Table 60 – Service parameters of the SetMapperTable.request service primitives Table 61 – Summary of ACSE services |
704 | 7 DLMS®/COSEM application layer protocol specification 7.1 The control function 7.1.1 State definitions of the client side control function Table 62 – Summary of xDLMS services |
705 | Figure 37 – Partial state machine for the client side control function |
706 | 7.1.2 State definitions of the server side control function |
707 | Figure 38 – Partial state machine for the server side control function |
708 | 7.2 The ACSE services and APDUs 7.2.1 ACSE functional units, services and service parameters |
709 | Table 63 – Functional Unit APDUs and their fields |
711 | 7.2.2 Registered COSEM names |
713 | Table 64 – COSEM application context names Table 65 – COSEM authentication mechanism names |
714 | 7.2.3 APDU encoding rules 7.2.4 Protocol for application association establishment Table 66 – Cryptographic algorithm ID-s |
716 | Figure 39 – MSC for successful AA establishment preceded by a successful lower layer connection establishment |
720 | 7.2.5 Protocol for application association release |
721 | Figure 40 – Graceful AA release using the A-RELEASE service |
722 | Figure 41 – Graceful AA release by disconnecting the supporting layer |
723 | 7.3 Protocol for the data transfer services 7.3.1 Negotiation of services and options – the conformance block Figure 42 – Aborting an AA following a PH-ABORT.indication |
724 | 7.3.2 Confirmed and unconfirmed service invocations Table 67 – xDLMS Conformance block |
726 | 7.3.3 Protocol for the GET service Figure 43 – MSC of the GET service Table 68 – GET service types and APDUs |
727 | Figure 44 – MSC of the GET service with block transfer |
729 | 7.3.4 Protocol for the SET service Figure 45 – MSC of the GET service with block transfer, long GET aborted Table 69 – SET service types and APDUs |
730 | Figure 46 – MSC of the SET service Figure 47 – MSC of the SET service with block transfer |
732 | 7.3.5 Protocol for the ACTION service Figure 48 – MSC of the ACTION service Table 70 – ACTION service types and APDUs |
734 | 7.3.6 Protocol for the ACCESS service Figure 49 – MSC of the ACTION service with block transfer |
735 | 7.3.7 Protocol of the DataNotification service Figure 50 – Access Service with long response Figure 51 – Access Service with long request and response |
736 | Figure 52 – MSC for the DataNotification service, case a) |
737 | Figure 53 – MSC for the DataNotification service, case b) |
738 | 7.3.8 Protocol for the EventNotification service Figure 54 – MSC for the DataNotification service, case c) |
739 | 7.3.9 Protocol for the Read service Table 71 – Mapping between the GET and the Read services |
740 | Table 72 – Mapping between the ACTION and the Read services |
741 | Figure 55 – MSC of the Read service used for reading an attribute Figure 56 – MSC of the Read service used for invoking a method |
742 | 7.3.10 Protocol for the Write service Figure 57 – MSC of the Read Service used for reading an attribute, with block transfer |
743 | Table 73 – Mapping between the SET and the Write services |
744 | Table 74 – Mapping between the ACTION and the Write service |
745 | Figure 58 – MSC of the Write service used for writing an attribute Figure 59 – MSC of the Write service used for invoking a method |
746 | 7.3.11 Protocol for the UnconfirmedWrite service Figure 60 – MSC of the Write Service used for writing an attribute, with block transfer |
747 | 7.3.12 Protocol for the InformationReport service Figure 61 – MSC of the Unconfirmed Write service used for writing an attribute Table 75 – Mapping between the SET and the UnconfirmedWrite services Table 76 – Mapping between the ACTION and the UnconfirmedWrite services |
748 | 7.3.13 Protocol of general block transfer mechanism Table 77 – Mapping between the EventNotification and InformationReport services |
750 | Figure 62 – Partial service invocations and GBT APDUs |
753 | Figure 63 – The GBT procedure |
755 | Table 78 – GBT procedure state variables |
757 | Figure 64 – Send GBT APDU stream sub-procedure |
759 | Figure 65 – Process GBT APDU sub-procedure |
761 | Figure 66 – Check RQ and fill gaps sub-procedure |
762 | Figure 67 – GET service with GBT, switching to streaming |
763 | Figure 68 – GET service with partial invocations, GBT and streaming, recovery of 4th block sent in the 2nd stream |
765 | Figure 69 – GET service with partial invocations, GBT and streaming, recovery of 4th and 5th block |
766 | Figure 70 – GET service with partial invocations, GBT and streaming, recovery of last block |
767 | Figure 71 – SET service with GBT, with server not supporting streaming, recovery of 3rd block |
768 | Figure 72 – ACTION-WITH-LIST service with bi-directional GBT and block recovery |
770 | 7.3.14 Protocol of exception mechanism Figure 73 – DataNotification service with GBT with partial invocation |
771 | 8 Abstract syntax of ACSE and COSEM APDUs Table 79 – xDLMS exception mechanism |
790 | 9 COSEM APDU XML schema 9.1 General 9.2 XML Schema |
812 | Annex A (normative) Using the DLMS®/COSEM application layer in various communications profiles A.1 General A.2 Targeted communication environments A.3 The structure of the profile A.4 Identification and addressing schemes |
813 | A.5 Supporting layer services and service mapping A.6 Communication profile specific parameters of the COSEM AL services A.7 Specific considerations / constraints using certain services within a given profile A.8 The 3-layer, connection-oriented, HDLC based communication profile A.9 The TCP-UDP/IP based communication profiles (COSEM_on_IP) A.10 The wired and wireless M-Bus communication profiles A.11 The S-FSK PLC profile |
814 | Annex B (normative) SMS short wrapper Figure B.1 – Short wrapper Table B.1 – Reserved Application Processes |
815 | Annex C (normative) Gateway protocol C.1 General Figure C.1 – General architecture with gateway |
816 | C.2 The gateway protocol Figure C.2 – The fields used for pre-fixing the COSEM APDUs |
817 | C.3 HES in the WAN/NN acting as Initiator (Pull operation) Figure C.3 – Pull message sequence chart |
818 | C.4 End devices in the LAN acting as Initiators (Push operation) C.4.1 General C.4.2 End device with WAN/NN knowledge C.4.3 End devices without WAN/NN knowledge C.5 Security Figure C.4 – Push message sequence chart |
819 | Annex D (informative) AARQ and AARE encoding examples D.1 General D.2 Encoding of the xDLMS InitiateRequest / InitiateResponse APDU |
820 | Table D.1 – Conformance block |
821 | Table D.2 – A-XDR encoding of the xDLMS InitiateRequest APDU |
822 | D.3 Specification of the AARQ and AARE APDUs Table D.3 – A-XDR encoding of the xDLMS InitiateResponse APDU |
823 | D.4 Data for the examples |
824 | D.5 Encoding of the AARQ APDU |
825 | Table D.4 – BER encoding of the AARQ APDU |
827 | D.6 Encoding of the AARE APDU Table D.5 – Complete AARQ APDU |
828 | Table D.6 – BER encoding of the AARE APDU |
832 | Table D.7 – The complete AARE APDU |
833 | Annex E (informative) Encoding examples: AARQ and AARE APDUs using a ciphered application context E.1 A-XDR encoding of the xDLMS InitiateRequest APDU, carrying a dedicated key |
834 | E.2 Authenticated encryption of the xDLMS InitiateRequest APDU Table E.1 – A-XDR encoding of the xDLMS InitiateRequest APDU |
835 | E.3 The AARQ APDU Table E.2 – Authenticated encryption of the xDLMS InitiateRequest APDU |
836 | Table E.3 – BER encoding of the AARQ APDU |
837 | E.4 A-XDR encoding of the xDLMS InitiateResponse APDU |
838 | E.5 Authenticated encryption of the xDLMS InitiateResponse APDU Table E.4 – A-XDR encoding of the xDLMS InitiateResponse APDU |
839 | E.6 The AARE APDU Table E.5 – Authenticated encryption of the xDLMS InitiateResponse APDU |
840 | Table E.6 – BER encoding of the AARE APDU |
841 | E.7 The RLRQ APDU (carrying a ciphered xDLMS InitiateRequest APDU) Table E.7 – BER encoding of the RLRQ APDU |
842 | E.8 The RLRE APDU (carrying a ciphered xDLMS InitiateResponse APDU) Table E.8 – BER encoding of the RLRE APDU |
843 | Annex F (informative) Data transfer service examples F.1 GET / Read, SET / Write examples Table F.1 – The objects used in the examples |
844 | Table F.2 – Example: Reading the value of a single attribute without block transfer |
845 | Table F.3 – Example: Reading the value of a list of attributes without block transfer |
847 | Table F.4 – Example: Reading the value of a single attribute with block transfer |
849 | Table F.5 – Example: Reading the value of a list of attributes with block transfer |
852 | Table F.6 – Example: Writing the value of a single attribute without block transfer |
853 | Table F.7 – Example: Writing the value of a list of attributes without block transfer |
855 | Table F.8 – Example: Writing the value of a single attribute with block transfer |
857 | Table F.9 – Example: Writing the value of a list of attributes with block transfer |
860 | F.2 ACCESS service example Table F.10 – Example: ACCESS service without block transfer |
861 | F.3 Compact array encoding example F.3.1 General |
862 | F.3.2 The specification of compact-array |
863 | F.3.3 Example 1: Compact array encoding an array of five long-unsigned values |
864 | F.3.4 Example 2: Compact-array encoding of five octet-string values |
865 | F.3.5 Example 3: Encoding of the buffer of a Profile generic object |
866 | F.4 Profile generic IC buffer attribute encoding examples F.4.1 General |
867 | F.4.2 Get-response with Profile generic normal encoding example Table F.11 – Profile generic buffer – get-response with normal encoding |
869 | F.4.3 Get-response with Profile generic null-data compressed encoding example Table F.12 – Profile generic buffer – get-response with null-data compression |
872 | F.4.4 Get-response with Profile generic compact-array encoding example Table F.13 – Profile generic buffer – get-response with compact-array encoding |
874 | F.4.5 Get-response with Profile generic null-data and delta-value encoding example |
875 | Table F.14 – Profile generic buffer – Get-response with null-data and delta-value encoding |
877 | F.4.6 Comparison of various encoding methods for Get-response APDU F.4.7 Combination of the various encoding methods and V.44 compression Table F.15 – Comparison of various encoding methods for get-response APDU |
878 | Table F.16 – Combination of the various encoding methods and V.44 compression for get-response APDU |
879 | Annex G (normative) NSA Suite B elliptic curves and domain parameters Table G.1 – ECC_P256_Domain_Parameters |
880 | Table G.2 – ECC_P384_Domain_Parameters |
881 | Annex H (informative) Example of an End entity signature certificate using P-256 signed with P-256 H.1 Fields of public key certificates Table H.1 – Fields of public key Certificates using P-256 signed with P-256 |
882 | H.2 Example of a Root-CA Certificate using P-256 signed with P-256 |
883 | H.3 Example of an end entity digital signature Certificate using P-256 signed with P-256 |
884 | Annex I (normative) Use of key agreement schemes in DLMS®/COSEM I.1 Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme Figure I.1 – MSC for key agreement using the Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme |
885 | Table I.1 – Test vector for key agreement using the Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme |
887 | I.2 One-Pass Diffie-Hellman C(1e, 1s, ECC CDH) scheme Figure I.2 – Ciphered xDLMS APDU protected by an ephemeral key established using the One-pass Diffie-Hellman (1e, 1s, ECC CDH) scheme |
888 | Table I.2 – Test vector for key agreement using the One-pass Diffie-Hellman (1e, 1s, ECC CDH) scheme |
890 | I.3 Static Unified Model C(0e, 2s, ECC CDH) scheme |
891 | Figure I.3 – Ciphered xDLMS APDU protected by an ephemeral key established using the Static Unified Model C(0e, 2s, ECC CDH) scheme |
892 | Table I.3 – Test vector for key agreement using the Static-Unified Model (0e, 2s, ECC CDH) scheme |
894 | Annex J (informative) Exchanging protected xDLMS APDUs between TP and server J.1 General J.2 Example 1: Protection is the same in the two directions |
895 | J.3 Example 2: Protection is different in the two directions Figure J.1 – Exchanging protected xDLMS APDUs between TP and server: example 1 |
896 | Figure J.2 – Exchanging protected xDLMS APDUs between TP and server: example 2 |
897 | Annex K (informative) Significant technical changes with respect to IEC 62056‑5‑3:2017 |
900 | Bibliography |