Security for Optical Ports on Energy Meters

Optical ports provide local access for service engineers during installation or maintenance of energy meters.

Households have physical access to their energy meter and might try to get access to the meter software.

The optical interface for smart meters from almost every manufacturer is specified in the IEC 62056-21. (The US-American ANSI C12.18 is not covered by this article.)

Main functions that can be accessed using optical communication

  • Billing data readout
  • TOU (Time of Use) readout and modification
  • Billing period reset
  • Register and profile resets
  • Parameter readout and modification
  • Communication input settings
  • Analysis and diagnostic functions

Note: During the production process electronic meters need to be adjusted. This is done by writing correction values in a dedicated memory inside the meter. This correction values are protected against external access and can not be overwritten once the meter has left the manufacturing site. There are different protection solutions. Some manufacturers are using the optical port for adjustment and lock later this memory section. CLOU meters are using a special port on the PCB for adjustment, which has no physical connection with the infrared port in compliance with the Measuring Instruments Directive (MID).

Protection of the Optical Port

The IEC specification defines the following communication modes:

  • Mode A
  • supports bidirectional data exchange at 300 baud without baud rate switching. This protocol mode permits data readout and programming with optional password protection.

  • Mode B
  • offers the same functionality as protocol mode A, but with additional support for baud rate switching.

  • Mode C
  • offers the same functionality as protocol mode B with enhanced security and manufacturer-specific modes.

  • Mode D
  • supports unidirectional data exchange at a fixed baud rate of 2400 baud and permits data readout only.

  • Mode E
  • allows the use of other protocols.

For the password command, the following command type identifiers are defined:

– 0 data is operand for secure algorithm

– 1 data is operand for comparison with internally held password

– 2 data is result of secure algorithm (manufacturer-specific)

These defined command type identifiers allow static passwords (1) or a manufacturer-specific challenge-response algorithm (0 and 2). Furthermore operation mode C supports manufacturer-specific enhanced security, which is out of the scope of the IEC standard.

Besides this password protection, the IEC standard defines a set of security levels for use in combination with mode C.

  • Access level 1
  • only requires knowledge of the protocol to gain access.

  • Access level 2
  • requires a password to be correctly entered.

  • Access level 3
  • requires operation of a sealable button or manipulation of certain data with a secret algorithm to gain access.

  • Access level 4
  • requires physical entry into the case of the meter and effecting a physical change, such as making/breaking a link or operation of a switch, before further communications access is allowed.

Practical security implementation

The safest method for optical port protection is a authentication by a challenge-response algorithm. This requires that each meter has a unique key. The complex key administration is a back-draw for optical port communication because each handheld- or PC need to keep the meter specific key, while each meter needs to keep the PC specific key. For remote access (AMI systems) this procedure is recommended.

The CLOU risk analysis shows that the most suitable approach is to use a password for read-only operations, together with a manufacturer specific data encryption. For writing operations the terminal cover must be open.

Once the terminal cover is opened unauthorized the meter is recording a tamper event. Depending on the meter type the relay trips and in case of a AMI system the tamper event is forwarded to the centre.

A sealing of the optical port itself does not provide additional security.

What is the difference between vectorial- and arithmetic VA calculation?

There are two commonly used methods to calculate the apparent power (VA).
The traditional method is the vectorial calculation. Here we are adding the active power (W) from each phase and the reactive power (var) from each phase. As the reactive power vector has a 90° angle vers. the active power we can calculate the hypotenuse (VA). Old meter installations are using this method.
With electronic meters with microprocessor we are able to calculate the VA for each phase individually and then add the VA values. This method is called arithmetic calculation. It is more accurate.
CLOU meters are using the arithmetic calculation. Some meters can be set to vectorial calculation mode.

What is Maximum Demand Measurement?

Demand is a measure of average power consumption over a fixed time interval. Maximum (or peak) demand is the highest demand recorded over the billing period. The billing period is mostly end of the month.

Non-domestic electrical power users often have to pay a maximum demand charge in addition to the charge for the consumed energy. This additional charge is based on the highest amount of power used over a period (e.g. 15 minutes) during the billing period.

CLOU meters can operate with a fixed window or with a sliding window.1

What is the difference?

The fixed window is defined in certain steps (e.g. 15 minutes), starting at the full hour. It can be programmed for the following fixed intervals:

  • 5 minutes
  • 15 minutes
  • 30 minutes
  • 60 minutes

At the end of each fixed window period, the average power for that period is calculated. If this value is higher than the already existing value, it is stored as the MD (maximum demand).

The sliding window is the CLOU default setting. For sub integration period the default is 1 minute.

At the end of a sub integration period the average power is calculated for one integration period. If this value is higher than the already existing value then this is stored as MD. The integration period slides by a window of the sub integration period.

sub periods
Sub periods for sliding window
Integration period1 min2 min5 min6 min12 min
5 min51
15 min153
30 min301565
60 min603012105

The maximum demand register MD will be reset at the set transferring time of each month (1stof each month).
Demand value measured in 6 digits, including 4 integers and 2 decimals.

Which impact has the measurement with fixed- or sliding window on the result?
We take a simple example:
Below we see the energy consumption for a time period from 9 o’clock to 9:30. The reading is once per minute.
energy consumption
The diagram below shows the calculated demand for above load profile between 09:15 and 09:33. We can see that the sliding window calculation shows a MD of 157 kW (blue line) while the fixed window shows a MD of 141 kW (red line).
maximum demand
What do we learn?
With the same load profile the maximum demand values can be different. If the customer has to pay an additional penalty for exceeding 150 kW, he does not have to pay by calculation with fixed window.
With sliding window calculation he needs to pay, because with 157 kW he is exceeding his limit.
The benefit for utilities is that the consumers will not switch-on all machines and appliances at the same time to avoid the penalty. This effect has also big influence on minimizing of peak loads in the grid.
We recommend to use our default setting with 15 minutes interval, sliding by one minute.