Security Event Notification

Source: OCPP 2.0.1 Part 2 — Specification (Edition 2, 2022-12-15) — Section 1.49 (Messages); Use Case A04 — Security Event Notification (Functional Block A. Security)

Overview

The Charging Station sends SecurityEventNotificationRequest to inform the CSMS of a security-related event. The CSMS acknowledges with SecurityEventNotificationResponse (no body).

Behavioural rules (from A04):

• Critical security events SHALL be delivered, with guaranteed delivery while offline (queued).
• All security events (critical or not) SHALL be stored in the security log.
• The list of defined security events is in spec section 8 — same set as in the OCPP 1.6 security whitepaper, plus a few 2.0.x additions.

Sequence Diagram

Charging Station  ──── SecurityEventNotificationRequest ────▶  CSMS
                       (type, timestamp, techInfo?)
Charging Station  ◀─── SecurityEventNotificationResponse ────  CSMS

Initiator

Charging Station → CSMS

Fields

Defined Security Events (selection)

FirmwareUpdated (critical), FailedToAuthenticateAtCsms, CsmsFailedToAuthenticate, SettingSystemTime (critical), StartupOfTheDevice (critical), ResetOrReboot (critical), SecurityLogWasCleared (critical), ReconfigurationOfSecurityParameters, MemoryExhaustion (critical), InvalidMessages, AttemptedReplayAttacks, TamperDetectionActivated (critical), InvalidFirmwareSignature, InvalidFirmwareSigningCertificate, InvalidCsmsCertificate, InvalidChargingStationCertificate, InvalidTLSVersion, InvalidTLSCipherSuite.

Examples

{
  "type": "TamperDetectionActivated",
  "timestamp": "2026-04-27T12:34:56Z",
  "techInfo": "Enclosure tamper sensor S2 triggered"
}

{}

Schema

Source: schemas/SecurityEventNotificationRequest.json, schemas/SecurityEventNotificationResponse.json (OCPP 2.0.1 FINAL)