Security Event Notification
Source: OCPP 1.6 Security Whitepaper Edition 2 (2020-03-31) — Use Case A04 (Security Event Notification), Sections 5.15 / 5.16 (Messages)
Overview
The Charge Point uses SecurityEventNotification.req to immediately inform the Central System of changes in system security. The Central System acknowledges receipt with SecurityEventNotification.conf.
Behavioural rules:
- When a critical security event happens, the CP SHALL send a SecurityEventNotification.req.
- Security event notifications MUST be queued with guaranteed delivery while the CP is disconnected.
- When any security event happens (critical or not), the CP SHALL store it in the security log. It is recommended to implement this in a rolling format.
Sequence Diagram
Figure 11. Security Event Notification
Charge Point ──── SecurityEventNotification.req ────▶ Central System
(type, timestamp, techInfo?)
Charge Point ◀─── SecurityEventNotification.conf ──── Central System
Initiator
Charge Point → Central System
Fields
| Field Name | Field Type | Card. | Description |
|---|---|---|---|
| type | string [50] | 1..1 | Required. Type of the security event (see list below). |
| timestamp | dateTime | 1..1 | Required. Date and time at which the event occurred. |
| techInfo | string [0..255] | 0..1 | Optional. Additional information about the occurred security event. |
SecurityEventNotification.conf: No fields are defined.
Defined Security Events
| Event | Critical |
|---|---|
| FirmwareUpdated | Yes |
| FailedToAuthenticateAtCentralSystem | No |
| CentralSystemFailedToAuthenticate | No |
| SettingSystemTime | Yes |
| StartupOfTheDevice | Yes |
| ResetOrReboot | Yes |
| SecurityLogWasCleared | Yes |
| ReconfigurationOfSecurityParameters | No |
| MemoryExhaustion | Yes |
| InvalidMessages | No |
| AttemptedReplayAttacks | No |
| TamperDetectionActivated | Yes |
| InvalidFirmwareSignature | No |
| InvalidFirmwareSigningCertificate | No |
| InvalidCentralSystemCertificate | No |
| InvalidChargePointCertificate | No |
| InvalidTLSVersion | No |
| InvalidTLSCipherSuite | No |
Critical events SHOULD be pushed to the Central System; non-critical events SHALL still be logged locally.
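The behavioural rules and the criticality table combine as follows on the Charge Point side. This is an added sketch, not code from the whitepaper or from any OCPP library: the class name, the `send(action, payload)` callback and the in-memory `pending` queue (standing in for persistent storage) are assumptions.

```python
from collections import deque
from datetime import datetime, timezone

# Events marked "Yes" in the Defined Security Events table.
CRITICAL = {
    "FirmwareUpdated", "SettingSystemTime", "StartupOfTheDevice", "ResetOrReboot",
    "SecurityLogWasCleared", "MemoryExhaustion", "TamperDetectionActivated",
}

class SecurityEventReporter:
    """Hypothetical charge-point helper. `send(action, payload)` is an assumed
    transport callback returning True once the .conf has been received."""

    def __init__(self, send, log_size=1000):
        self.send = send
        self.security_log = deque(maxlen=log_size)  # rolling log: oldest entry drops
        self.pending = deque()  # assumption: stands in for a persistent queue
        self.connected = False

    def report(self, event_type, tech_info=None, when=None):
        if len(event_type) > 50:
            raise ValueError("type exceeds string[50]")
        when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
        payload = {"type": event_type,
                   "timestamp": when.strftime("%Y-%m-%dT%H:%M:%SZ")}
        if tech_info is not None:
            payload["techInfo"] = tech_info[:255]  # techInfo is limited to 255 chars
        self.security_log.append(payload)  # every event is stored locally
        if event_type in CRITICAL:  # types outside the table: treated as non-critical
            self.pending.append(payload)
            self.flush()
        return payload

    def flush(self):
        """Send queued notifications oldest first; return how many remain."""
        while self.connected and self.pending:
            if not self.send("SecurityEventNotification", self.pending[0]):
                break  # not acknowledged: keep it queued for the next attempt
            self.pending.popleft()
        return len(self.pending)

if __name__ == "__main__":
    # Constructed demo: one critical event raised offline, delivered on reconnect.
    cp = SecurityEventReporter(lambda action, payload: print(action, payload) or True)
    cp.report("InvalidTLSVersion", "Server offered TLS 1.0; minimum required is 1.2")
    cp.report("TamperDetectionActivated", "Enclosure tamper sensor S2 triggered")
    cp.connected = True
    print("still queued:", cp.flush())
```

Call `flush()` from the reconnect handler so that notifications queued while offline are delivered in the order they occurred.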
Examples
{
  "type": "TamperDetectionActivated",
  "timestamp": "2026-04-27T12:34:56Z",
  "techInfo": "Enclosure tamper sensor S2 triggered"
}

{
  "type": "InvalidTLSVersion",
  "timestamp": "2026-04-27T12:35:10Z",
  "techInfo": "Server offered TLS 1.0; minimum required is 1.2"
}

{}

Schema
Source: schemas/SecurityEventNotification.json, schemas/SecurityEventNotificationResponse.json (OCPP 1.6 Security Whitepaper, JSON Schema draft-06)